[plt-scheme] Introducing... Stuffers

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Mon Feb 9 13:22:30 EST 2009

As promised, an HMAC-SHA1 signing stuffer is now implemented.

http://faculty.cs.byu.edu/~jay/plt-doc/web-server/stuffers_ss.html#(part._.H.M.A.C-.S.H.A1_.Signing)

Jay

On Sat, Feb 7, 2009 at 6:14 AM, Jay McCarthy <jay.mccarthy at gmail.com> wrote:
> Thanks Ray, that is exactly what I planned on implementing. (Basically
> what my old HMAC [1] and secure url-param [2] PLaneT packages do.)
>
> The point of this post was that any PLT WS user can write whatever
> kind of serializer they need. I only initially wrote the ones that
> correspond to the prior default behavior.
>
> Jay
>
> 1. http://planet.plt-scheme.org/package-source/jaymccarthy/hmac-sha1.plt/1/1/hmac-sha1.ss
>
> 2. http://planet.plt-scheme.org/package-source/jaymccarthy/url-param.plt/2/0/secure.ss
>
> On Sat, Feb 7, 2009 at 5:37 AM, Ray Racine <ray.racine at comcast.net> wrote:
>> ...
>>> If you just use serialize-stuffer, then the user can change anything
>>> they want.
>> ...
>>
>>> If you use the md5-stuffer, then they never get the continuation, so
>>> it's no big deal.
>>
>> There is a standard technique for a Server to send data (in this case
>> the serialized continuation) freely out into the wild and woolly
>> internet and ensure that the returned data has not been tainted or
>> hijacked in any way.  The technique is based upon a signature such as
>> MD-5 or SHA1 and a secret key.
>>
>> You could use it to send a continuation from one server to another in
>> your cluster via user's cookie for example and the receiving Server can
>> confidently determine that the data was "minted" by a trusted peer
>> Server for example.
>>
>> See HMAC on Wikipedia.
>>
>
>
>
> --
> Jay McCarthy <jay at cs.byu.edu>
> Assistant Professor / Brigham Young University
> http://teammccarthy.org/jay
>
> "The glory of God is Intelligence" - D&C 93
>



-- 
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://teammccarthy.org/jay

"The glory of God is Intelligence" - D&C 93


Posted on the users mailing list.
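
The sign-then-verify technique discussed in this thread, as an added example in Python (not code from the PLT web server or the PLaneT packages linked above). The function names, the JSON serialization, the tag-then-payload token layout and the sample key are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha1().digest_size  # 20 bytes for HMAC-SHA1


def stuff(state, key: bytes) -> str:
    """Serialize state, prepend its HMAC-SHA1 tag, encode for a URL or cookie."""
    payload = json.dumps(state, sort_keys=True).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha1).digest()
    return base64.urlsafe_b64encode(tag + payload).decode("ascii")


def unstuff(token: str, key: bytes):
    """Return the state only if the tag verifies; raise ValueError otherwise."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except ValueError as exc:  # bad padding or non-ASCII input
        raise ValueError("malformed token") from exc
    if len(raw) < TAG_LEN:
        raise ValueError("token too short")
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()
    # Constant-time comparison; verify BEFORE deserializing anything.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signature mismatch")
    return json.loads(payload)


def simulate_client_edit(token: str) -> str:
    """Test helper: change one payload bit, as a client-side modification would."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[-2] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode("ascii")


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    state = {"k_id": 7, "step": "checkout"}    # constructed sample state
    token = stuff(state, key)
    print("round trip ok:", unstuff(token, key) == state)
    for label, tok, k in [("edited token", simulate_client_edit(token), key),
                          ("wrong server key", token, b"some-other-key")]:
        try:
            unstuff(tok, k)
        except ValueError as err:
            print(label, "rejected:", err)
```

The tag protects integrity only: the serialized state is still readable by whoever holds the token, and a valid token can be replayed unless the state itself carries an expiry or nonce.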