Paul, I just signed up on this list and I'm really enjoying your discourse.
> When I develop my own applications, I use cookies for
> personalization and caching. I use the authentication system described in
>
> http://cookies.lcs.mit.edu/pubs/webauth:sec10-slides.ps.gz
>
> this mechanism can carry a "session id", which in turn can be used
> as a key against application state stored in a relational database.

In regards to slides 29 and 30, can you elaborate and give a more detailed example of what they are trying to say? Are they saying that the session key should contain a hash of the data? Or does the hash become the "salt" in crypting the data? Finally, how does doing that make it easier to prevent circumvention and forgeability?

Thank you.

-- 
Overheard at work: "The way it was implemented here is not the same way as it was implemented at places it works"

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
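
For reference, one common way to build a tamper-evident cookie that carries a session id, as an added example that is not from the original message or the slides it cites: the keyed hash (HMAC) is appended to the cookie as a digest over the expiry and session id, so it acts as neither a salt nor as encryption. The key value, the field names `exp`, `sid` and `digest`, and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac

# Assumption: a secret known only to the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _digest(payload: str) -> str:
    """Keyed hash over the payload; cannot be recomputed without SERVER_KEY."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_cookie(session_id: str, ttl: int, now: int) -> str:
    """Return exp=<t>&sid=<id>&digest=<HMAC over the first two fields>."""
    if "&" in session_id or "=" in session_id:
        raise ValueError("session id must not contain field delimiters")
    payload = f"exp={now + ttl}&sid={session_id}"
    return f"{payload}&digest={_digest(payload)}"


def verify_cookie(cookie: str, now: int):
    """Return the session id if the cookie is authentic and unexpired, else None."""
    payload, sep, digest = cookie.rpartition("&digest=")
    if not sep:
        return None  # no digest field at all
    # Check the MAC before trusting any field; compare in constant time.
    if not hmac.compare_digest(_digest(payload).encode(), digest.encode()):
        return None
    fields = dict(f.partition("=")[::2] for f in payload.split("&"))
    try:
        if int(fields["exp"]) <= now:
            return None  # expired: the expiry is covered by the MAC
        return fields["sid"]  # opaque key into server-side state (e.g. a DB row)
    except (KeyError, ValueError):
        return None


if __name__ == "__main__":
    c = make_cookie("a1b2c3", ttl=3600, now=1_000_000)  # constructed sample
    print(c)
    print(verify_cookie(c, now=1_000_001))
    print(verify_cookie(c.replace("sid=a1b2c3", "sid=admin"), now=1_000_001))
```

Application state stays in the database, keyed by the verified session id; the cookie only has to prove that the server issued that id and that it has not expired.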