[plt-scheme] Introducing... Stuffers

From: Ray Racine (ray.racine at comcast.net)
Date: Sat Feb 7 07:37:42 EST 2009

...
> If you just use serialize-stuffer, then the user can change anything
> they want.
...

> If you use the md5-stuffer, then they never get the continuation, so
> it's no big deal.

There is a standard technique for a Server to send data (in this case
the serialized continuation) freely out into the wild and woolly
internet and ensure that the returned data has not been tainted or
hijacked in any way.  The technique is based upon a signature such as
MD-5 or SHA1 and a secret key.

You could use it to send a continuation from one server to another in
your cluster via the user's cookie for example and the receiving Server can
confidently determine that the data was "minted" by a trusted peer
Server for example.

See HMAC on Wikipedia.




Posted on the users mailing list.
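
The keyed-signature technique described in the message above, as an added example that is not part of the original post or of the PLT web server: a server mints a token from a serialized payload and a shared secret, and a peer accepts it only if the tag verifies. It is written in Python rather than Scheme and uses HMAC-SHA256 where the post names MD5 or SHA1; the names `mint`, `accept`, `CLUSTER_KEY` and the sample payload are assumptions.

```python
import base64
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# Constructed sample values: a key shared only by the servers in the
# cluster, and a stand-in for a serialized continuation.
CLUSTER_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_PAYLOAD = b"(serialized-continuation k42)"


def b64(data: bytes) -> str:
    """Encode bytes so they can travel in a cookie or URL."""
    return base64.urlsafe_b64encode(data).decode("ascii")


def mint(key: bytes, payload: bytes) -> str:
    """Return base64url(tag || payload). The payload stays readable by
    the client; the tag only makes changes to it detectable."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64(tag + payload)


def accept(key: bytes, token: str):
    """Return the payload if its tag verifies under key, else None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except ValueError:  # bad padding or non-ASCII input
        return None
    if len(raw) < TAG_LEN:  # too short to even hold a tag
        return None
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison, so the check does not leak how many
    # leading bytes of a forged tag happened to be right.
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


if __name__ == "__main__":
    token = mint(CLUSTER_KEY, SAMPLE_PAYLOAD)
    print("round trip:", accept(CLUSTER_KEY, token))
    print("wrong key: ", accept(b"not-a-cluster-peer", token))
```

A peer that holds `CLUSTER_KEY` gets the payload back unchanged; a token whose payload was edited in transit, or one minted under a different key, is rejected before anything is deserialized.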