[plt-scheme] Introducing... Stuffers
Thanks Ray, that is exactly what I planned on implementing. (Basically
what my old HMAC [1] and secure url-param [2] PLaneT packages do.)
The point of this post was that any PLT WS user can write whatever
kind of serializer they need. I only initially wrote the ones that
correspond to the prior default behavior.
Jay
1. http://planet.plt-scheme.org/package-source/jaymccarthy/hmac-sha1.plt/1/1/hmac-sha1.ss
2. http://planet.plt-scheme.org/package-source/jaymccarthy/url-param.plt/2/0/secure.ss
On Sat, Feb 7, 2009 at 5:37 AM, Ray Racine <ray.racine at comcast.net> wrote:
> ...
>> If you just use serialize-stuffer, then the user can change anything
>> they want.
> ...
>
>> If you use the md5-stuffer, then they never get the continuation, so
>> it's no big deal.
>
> There is a standard technique for a Server to send data (in this case
> the serialized continuation) freely out into the wild and woolly
> internet and ensure that the returned data has not been tainted or
> hijacked in any way. The technique is based upon a signature such as
> MD-5 or SHA1 and a secret key.
>
> You could use it to send a continuation from one server to another in
> your cluster via user's cookie for example and the receiving Server can
> confidentially determine that the data was "minted" by a trusted peer
> Server for example.
>
> See HMAC on Wikipedia.
>
--
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://teammccarthy.org/jay
"The glory of God is Intelligence" - D&C 93
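
The signing technique discussed in this thread, as an added example that is not part of the original messages or of the PLT web server's code. It is written in Python rather than Scheme, uses HMAC-SHA256 in place of the MD5/SHA1 named above, and `make_hmac_stuffer`, `stuff`, `unstuff` and `TamperedError` are hypothetical names modelling a stuffer's in/out pair; the serialized continuation is a constructed sample.

```python
import base64
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class TamperedError(ValueError):
    """Raised when a blob returned by the client fails authentication."""


def make_hmac_stuffer(key: bytes):
    """Return (stuff, unstuff) closed over a server-side secret key."""

    def stuff(payload: bytes) -> str:
        # Server -> client: prepend the tag, then make the blob URL/cookie safe.
        tag = hmac.new(key, payload, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(tag + payload).decode("ascii")

    def unstuff(token: str) -> bytes:
        # Client -> server: recompute the tag and refuse anything that differs.
        try:
            raw = base64.urlsafe_b64decode(token.encode("ascii"))
        except ValueError as exc:  # bad padding or non-ASCII input
            raise TamperedError("not valid base64") from exc
        if len(raw) < TAG_LEN:
            raise TamperedError("too short to carry a tag")
        tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise TamperedError("HMAC mismatch")
        return payload

    return stuff, unstuff


if __name__ == "__main__":
    key = os.urandom(32)  # secret shared only among trusted servers
    stuff, unstuff = make_hmac_stuffer(key)
    continuation = b'((k . "checkout-step-2") (cart-total . 1999))'  # constructed
    token = stuff(continuation)
    print("round trip ok:", unstuff(token) == continuation)
    forged = bytearray(base64.urlsafe_b64decode(token))
    forged[-1] ^= 0x01  # simulate a client editing the returned data
    try:
        unstuff(base64.urlsafe_b64encode(bytes(forged)).decode("ascii"))
    except TamperedError as err:
        print("rejected:", err)
```

The tag only authenticates the data: the client can still read the serialized continuation, so anything that must stay hidden needs encryption as well.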