php - Asymetric and symetric key storage -


i'm working on ajax portal , need advice. client wants secure doesn't want deal ssl. there no ultra sensitive data store i'm doing custom "handshake" when page initializes.

since every session i'm dealing 2 new sets of asymetric key , symetric 1 well, want know how handle these keys. going reside on shared host , i've read everywhere session file can't trusted in case...

right i'm storing info in session file pointing right keys, in database. works fine (well, think :))... want delete keys database when user session ends, don't end tables filled useless keys.

even if knew bad, tried ajax call when closing window/browser... indeed bad , inconsistent, option out of way. thought cron job erase every key dating more couple of days, kind of feels "unfinished" me...

my question is: i'm wondering how ssl handles keys? stored while user session lasts? how deal/would deal this?

edit

yep, should have known question lead that.

i know ssl best option , own regret have coded application. i'll talk more client it, have little hopes. if still wants go http, won't risk loose contract proove point , i'll have alternative protect unsensitive data (login info kinda, no credit card...).

yes, "fairly secure" appropriate since no system secure. "fairly secure" means wannabe hacker downloaded wireshark, or watched video on youtube man in middle attack won't able in. lot better multi billions gaming companies been put shame teenagers.

the correct answer goes nasko answered part of question , made obvious recommendation, without being cocky @ that.

ssl generates symmetric key each handshake completes , stores in memory (unless session cache written disk).

that said, suggest avoid doing own crypto protocol, since bound make mistake. best crypto people make mistakes, wouldn't recommend doing sake of doing it.

figure out problems client perceives ssl , address those. way use standard technology proven work , customer happy @ end.


Comments

Post a Comment

Popular posts from this blog

c# - SharpSVN - How to get the previous revision? -

i trying find efficient way previous revision of file text comparison using sharpsvn. using (svnclient c = new svnclient()) { c.authentication.defaultcredentials = new networkcredential( configurationmanager.appsettings.get("svnserviceusername") , configurationmanager.appsettings.get("svnservicepassword") , configurationmanager.appsettings.get("svnservicedomain") ); c.authentication.sslservertrusthandlers += new eventhandler<svnsslservertrusteventargs>(authentication_sslservertrusthandlers); collection<svnfileversioneventargs> fileversioncollection = new collection<svnfileversioneventargs>(); svnrevisionrange range = new svnrevisionrange(0, this.hooks.revision); svnfileversionsargs args = new svnfileversionsargs(); args.retrieveproperties = true; args.range = range; foreach (svnchangeitem item in log.changedpaths) { string path = this.repositorypath + it...
Read more

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

url - Querystring manipulation of email Address in PHP -

i using third party application (email2http) send me emailid, body , message. unable retrieve email id due name appended on , enclosed < , >. here querystring getting. test.php?from=ajay+reddy &subject=cx&body=somebody when print variable in php returns name , not email id. $from = $_get['from']; echo $from; //output ajay reddy please suggest me how can emailid also. i dont want use post method due testing , debugging. it's working fine. forgot use htmlentities() in debugging.
Read more