[plt-scheme] Introducing... Stuffers

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Sat Feb 7 08:14:16 EST 2009

Thanks Ray, that is exactly what I planned on implementing. (Basically
what my old HMAC [1] and secure url-param [2] PLaneT packages do.)

The point of this post was that any PLT WS user can write whatever
kind of serializer they need. I only initially wrote the ones that
correspond to the prior default behavior.


1. http://planet.plt-scheme.org/package-source/jaymccarthy/hmac-sha1.plt/1/1/hmac-sha1.ss

2. http://planet.plt-scheme.org/package-source/jaymccarthy/url-param.plt/2/0/secure.ss

On Sat, Feb 7, 2009 at 5:37 AM, Ray Racine <ray.racine at comcast.net> wrote:
> ...
>> If you just use serialize-stuffer, then the user can change anything
>> they want.
> ...
>> If you use the md5-stuffer, then they never get the continuation, so
>> it's no big deal.
> There is a standard technique for a Server to send data (in this case
> the serialized continuation) freely out into the wild and woolly
> internet and ensure that the returned data has not been tainted or
> hijacked in anyway.  The technique is based upon a signature such as
> MD-5 or SHA1 and a secret key.
> You could use it to send a continuation from one server to another in
> your cluster via user's cookie for example and the receiving Server can
> confidentially determine that the data was "minted" by a trusted peer
> Server for example.
> See HMAC on Wikipedia.
> _________________________________________________
>  For list-related administrative tasks:
>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme

Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University

"The glory of God is Intelligence" - D&C 93

Posted on the users mailing list.