I don't see how it could be randomly generated else how would you be able to
use it for authenticating etc but then I'm not a security expert. I use a
long character string known only to me and stored outside my web directory.
Maybe other ppl do differently I don't know.
- Original Message -
From: Pablo Oliva [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 29, 2002 7:52 PM
Subject: [PHP] hash function secret
I was reading the sept. issue of linux magazine and they discussed
security issues with web apps.
They mentioned that to generate signatures, you should include a secret
with your hash function:
s = S(m) = H(secret, H(m, secret))
What is the secret, just a sort of secret code that you include, like
some sort of random password: gr8ckret46eme as an example ???
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php