Hello,
Just to clarify, when I say "session" I don't mean "session" data. Just
a previous "session" of work performed by the user. I want to save
their settings.
This is a tool for company use only, specifically debugging/QA and is CL
driven.
Now to answer your other questions:
Nick Galbreath wrote:
> Hi, I'm the speaker from last week's NYPHP talk on cryptography.
> 1) SLIDES
> Sorry for delay. I will be posting my slides shortly! I've been
> reworking them and getting source code online. I will post here when
> they are up.
> 2) ENCRYPTED SESSIONS
> Most importantly, before any technical questions is "what threats are
> you trying to model"? and what type of data are you trying to protect?
> (I ask since certain data, i.e. such as credit cards, have certain
> standards). For example:
> 1) hacker "breaks in" and scans session data for ???
Username/Logins - This would be the most valuable data in the xml file.
> 2) hacker scans network traffic from database to php-app to get ???
It doesn't provide a web interface. And the XML wouldn't be served by
HTTP. This wouldn't be in web root.
> 3) hacker hijacks session and takes over another account
I wouldn't think so. Unless they hijack a tty. But honestly, if they
have root on the box we have other problems.
> etc etc...
> Then there are some product questions:
> 1) Do you have "user database" or are these just anonymous sessions?
Work sessions.
> 2) Is _all_ data in the session sensitive? Do you want an encrypted
> XML file or an XML file with encrypted data? And why?
No. Just the username/password.
> 3) How much data per user per session is expected?
Not that much. 20k?
> 4) What is anticipated volume/growth of the website?
CL App.
> 5) Is this data, _just_ going to live in session? It's never going
> into a database or other file? If not how do we protect those items?
Nope.
> 6) Do you need password recovery? Or what if the user forgets the
> password the data is gone?
They'd have to create a new "session".
> 7) How are you currently storing session data (are sessions sticky to
> a machine? or are sessions on a separate box)
Local.
> From this a solution can be crafted. Maybe there is a simple out of
> the box solution (e.g. an encrypted disk volume might
> be all you need!). If you need more help, please contact me directly
> thanks,
> -- Nick Galbreath
> [EMAIL PROTECTED]
> On 12/10/07, Gary Mort <[EMAIL PROTECTED]> wrote:
> > Speaking of encryption/decryption were the notes from the last
> > presentation posted up somewhere?
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php