NYPHP group meeting - Security and tamper proof URLs

[Gena01]

So yesterday was my first time attending NYPHP group meeting in the IBM building. They were not kidding when they said that people should be there 6:30pm sharp. I came in like 5 minutes late and already missed a bunch of slides.

Some summary items:
* HMAC is used to tamper proof URLs.
* Don't use PEAR Crypt_HMAC it's bad/buggy.
* PHP5.1.2 has new "hash" extension that has hash_hmac() function written in C. For older versions they claim you can grab and compile extension from PECL.
* To use HMAC you need to pass at least 2 parameters in your URL: your message (or normal parameter) and then the hmac verification code. If you passing in >1 parameter then you need to HMAC ALL of the parameters.
* I was really curious about single sign-on stuff which I guess could be a topic for the next meeting.

I am really starting to enjoy these little get togethers. It's also a great way to meet people in the community. Looking towards the other meetings.

Update: The slides have been posted by the presenter here: http://modp.com/slides/securestring/

P.S.  There's a tech party coming up in like two weeks.

Gena01

[Tags:]

Jump to: Please select a destination: ----------------------------- General ----------------------------- => Gena01 Blog => Website ----------------------------- Software Development ----------------------------- => My Software => Win32Get => Win32Pad => Win32Whois