Re: [VOTE][RESULTS] Release 2.2.25

2013-07-08 Thread William A. Rowe Jr.
On Mon, 01 Jul 2013 16:19:54 -0700 wr...@rowe-clan.net wrote: On Fri, Jun 28, 2013 at 4:29 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: With our 5 binding +1's and additional positive feedback I'll begin staging this to the proxies later this evening. Thanks to everyone who

proxy pool handling (was: svn commit: r1500437 - /httpd/httpd/trunk/modules/proxy/proxy_util.c)

2013-07-08 Thread Stefan Fritsch
On Sun, 7 Jul 2013, j...@apache.org wrote: Author: jim Date: Sun Jul 7 14:05:37 2013 New Revision: 1500437 URL: http://svn.apache.org/r1500437 Log: conf-mutex is not used... Also, ensure that pool use is protected Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c

Decrypting mod_session-created cookie

2013-07-08 Thread Mikhail T.
From PHP I need to be able to set and read the session cookies created by mod_session_crypto. Suppose, I know the SessionCryptoCipher (aes256, the default) and the SessionCryptoPassphrase, how can I decrypt the session-cookie? Its value is available to PHP as _REQUEST['session']... I have

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Daniel Lescohier
https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy The session will be automatically decrypted on load, and encrypted on save by Apache, the underlying application using the session need have no knowledge that encryption is taking place. On Mon, Jul 8, 2013 at 6:58 PM,

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Mikhail T.
On 08.07.2013 19:11, Daniel Lescohier wrote: https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy The session will be automatically decrypted on load, and encrypted on save by Apache, the underlying application using the session need have no knowledge that encryption is

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Graham Leggett
On 9 Jul 2013, at 00:11, Daniel Lescohier daniel.lescoh...@cbsi.com wrote: https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy The session will be automatically decrypted on load, and encrypted on save by Apache, the underlying application using the session need have no

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Daniel Lescohier
The mod_session_crypto.c adds a salt (from calling apr_uuid_get) to the data when encrypting it. Without a salt, the encryption wouldn't be that strong. Perhaps your decryption code isn't handling the salt? On Mon, Jul 8, 2013 at 7:29 PM, Graham Leggett minf...@sharp.fm wrote: On 9 Jul

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Daniel Lescohier
You could perhaps also set up Apache as a reverse-proxy to the other application, so Apache will decrypt it before proxying it to the other application. On Mon, Jul 8, 2013 at 7:33 PM, Daniel Lescohier daniel.lescoh...@cbsi.com wrote: The mod_session_crypto.c adds a salt (from calling

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Graham Leggett
On 9 Jul 2013, at 00:29, Mikhail T. mi+t...@aldan.algebra.com wrote: Thank you, Daniel, for providing a you don't need to know answer to a question. I do, however, have this need -- in my application the cookie will need to be created by a server completely different from the one, that

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Mikhail T.
08.07.2013 19:35, Graham Leggett wrote: Like Daniel said, you don't need to know. This is unhelpful. Do you /know/ the answer? If you do, could you share it? If you are trying to avoid committing to a particular method -- because you foresee it changing in the future -- well, that does not seem

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Yehuda Katz
Here is the actual procedure (in TRUNK, but last modified 3 months ago, I did not look at what changed). http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_crypto.c?view=markup Ignoring the apache-specific configuration, it looks pretty standard to me (although I did not

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Mikhail T.
08.07.2013 23:44, Yehuda Katz wrote: Ignoring the apache-specific configuration, it looks pretty standard to me (although I did not spend too long looking at it, but I did teach college-senior crypto last semester and it looks similar to a project we assigned). Would you be able to

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Yehuda Katz
Unfortunately not this week. Send me a reminder email next week and I should be able to look at it. - Y On Tuesday, July 9, 2013, Mikhail T. wrote: 08.07.2013 23:44, Yehuda Katz wrote: Ignoring the apache-specific configuration, it looks pretty standard to me (although I did not spend

Re: Decrypting mod_session-created cookie

2013-07-08 Thread Mikhail T.
08.07.2013 19:29, Graham Leggett wrote: See also the section on integrating with external applications. https://httpd.apache.org/docs/2.4/mod/mod_session.html#integration Indeed, from this link (emphasis mine): Standalone applications Applications might choose to manipulate the