I think that it can be solved by using some "standard" solutions:
- encrypting some user-specific data (for example a randomly generated client ID stored in the session)
- encrypting a time stamp (or validity interval)
- etc.

BR,
Norbi

1) Provide a system/hivemind/whatever configurable property that specifies
the sort of encryption scheme you'd like to use on these states...Could be
none/base64/blowfish/md5/sha/etc....Then only people who need it have to
take the performance hit.

I think this is not that simple: How to prevent replay attacks? If
user=root is encrypted as "kedf82", nothing can prevent the user from
copying and pasting it. Injecting some sort of state into the data may
prevent replay attacks but will also defeat the whole purpose of
client-side state (the back button).
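
The binding to a per-session client ID and a validity interval suggested in this thread, as an added example that is not part of the original messages. It uses an HMAC tag in place of encryption (the state is tamper-evident but still readable), and `SERVER_KEY`, `seal_state` and `open_state` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a secret held only by the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _tag(client_id, body):
    # Bind the tag to the session's client ID so a copied value fails elsewhere.
    return hmac.new(SERVER_KEY, client_id.encode() + b"\x00" + body,
                    hashlib.sha256).digest()


def seal_state(state, client_id, ttl=900, now=None):
    """Return a token carrying `state`, an expiry, and a session-bound tag."""
    now = time.time() if now is None else now
    body = json.dumps({"state": state, "exp": int(now) + ttl},
                      sort_keys=True).encode()
    return base64.urlsafe_b64encode(_tag(client_id, body) + body).decode()


def open_state(token, client_id, now=None):
    """Return the state, or None if forged, expired, or from another session."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    tag, body = raw[:TAG_LEN], raw[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(client_id, body)):
        return None
    payload = json.loads(body)  # safe to parse: the tag has been verified
    if payload["exp"] < now:
        return None
    return payload["state"]


if __name__ == "__main__":
    tok = seal_state({"user": "guest"}, "client-A", ttl=60, now=1000)
    print(open_state(tok, "client-A", now=1010))  # accepted in its own session
    print(open_state(tok, "client-B", now=1010))  # pasted into another session
    print(open_state(tok, "client-A", now=1061))  # past the validity interval
```

Resubmitting the same token from the same session inside the validity interval is still accepted, which is what keeps the back button working; blocking that case requires server-side state such as a used-token list.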

