[nycphp-talk] sessions and load balancing
George Schlossnagle
george at omniti.com
Mon Nov 8 17:24:30 EST 2004
On Nov 8, 2004, at 5:22 PM, Adam Maccabee Trachtenberg wrote:
> On Mon, 8 Nov 2004, George Schlossnagle wrote:
>
>> You can encrypt or sign it as well, reducing a users ability to
>> inspect
>> or (successfully) tamper with the cookies contents.
>
> Yes. This is the route to go if you're using cookies. Recipe 9.3 of
> PHP Cookbook has code to do with for forms using md5(), but it's easy
> to modify this for cookies.
That works fine for tamper-resistance. If you want to eliminate
inspection, you should use a cypher like 3des, sha or blowfish.
George
More information about the talk
mailing list