[nycphp-talk] Encrypting/Decrypting data w/php

Nick Galbreath nickg at modp.com
Mon Dec 10 12:23:44 EST 2007


Hi, I'm the speaker from last week's NYPHP talk on cryptography.

1) SLIDES

Sorry for the delay.  I will be posting my slides shortly!  I've been reworking
them and getting source code online.  I will post here when they are up.



2) ENCRYPTED SESSIONS


Most importantly, before any technical questions, is "what threats are you
trying to model?" and what type of data are you trying to protect?  (I ask
since certain data, such as credit cards, have certain standards.)  For
example:


1) hacker "breaks in" and scans session data for ???
2) hacker scans network traffic from database to php-app to get ???
3) hacker hijacks session and takes over another account


etc etc...


Then there are some product questions:

1) Do you have a "user database" or are these just anonymous sessions?
2) Is _all_ data in the session sensitive?   Do you want an encrypted XML
file or an XML file with encrypted data?  And why?
3) How much data per user per session is expected?
4) What is anticipated volume/growth of the website?
5) Is this data _just_ going to live in the session?  It's never going into a
database or other file?  If not, how do we protect those items?
6) Do you need password recovery?  Or if the user forgets the password,
is the data gone?
7) How are you currently storing session data (are sessions sticky to a
machine, or are sessions on a separate box)?


From this a solution can be crafted.  Maybe there is a simple out-of-the-box
solution (e.g. an encrypted disk volume might be all you need!).  If you
need more help, please contact me directly.

thanks,

-- Nick Galbreath
   nickg at modp.com


On 12/10/07, Gary Mort <bz-gmort at beezifies.com> wrote:
>
> Speaking of encryption/decryption, were the notes from the last
> presentation posted up somewhere?