Animal Crackers and Cheese!!!
There are now about 100 media items on sickofschool, though the frontend is still not available. The whole backend is pretty cool! The load time is excellent. I finally took upon myself the task of creating security that I felt comfortable with for the backend. Using cookies is definitely the best way, but what does one send in the cookie? How does one prevent the cookie variable name, along with its data, from being used in a GET request? The first question was easy! I knew that if the information was ever intercepted, like via Ethereal or something, it would be good if it could expire. I started out with a cookie named backend that held the day, the year, and the month. The big problem with this cookie is that the information therein could be used in a GET request for a full day!!! It was like a free one-day pass! Although I ran everything through md5() before sending it, I knew this had to change. First, I renamed the cookie to AnimalCrackers and stored the time() in it. Then I made another cookie, named cheese. In this I stored the remote address, so if it was intercepted, the interceptor could not use it. Instead of just running this through md5(), I used an md5 encryption function and a 256-bit key I generated with openssl. Now, I know it is not the best security, but it will throw off all the script kiddies, wannabes and n00bs.
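The two properties the post is after, a cookie that expires on its own and a cookie that is useless to anyone who captures it from a different address, can be had from a single value if the server signs it with a keyed MAC. The following is an added example and not the post's own code (the site's backend is PHP; this is Python, and it replaces the md5-with-key scheme with HMAC-SHA256, a fixed expiry window and a constant-time comparison). The key, the 600-second TTL and the addresses are constructed for the demo; in practice the key would come from something like `openssl rand -hex 32` kept in server-side config.

```python
import base64
import binascii
import hashlib
import hmac
import time

# Constructed 256-bit key for the demo only; load a real one from config.
SECRET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

TTL_SECONDS = 600  # assumed lifetime of a cookie value


def _mac(key, issued_at, remote_addr):
    """HMAC over the fields the server later checks, so neither can be altered."""
    msg = f"{issued_at}|{remote_addr}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_cookie(key, remote_addr, now=None):
    """Cookie value = base64url("issued_at|remote_addr|hmac")."""
    issued_at = int(time.time()) if now is None else now
    body = f"{issued_at}|{remote_addr}|{_mac(key, issued_at, remote_addr)}"
    return base64.urlsafe_b64encode(body.encode()).decode()


def verify_cookie(key, cookie, remote_addr, now=None, ttl=TTL_SECONDS):
    """Return "ok" when the cookie is authentic, fresh and bound to remote_addr,
    otherwise a short reason string (useful for logging rejected requests)."""
    now = int(time.time()) if now is None else now
    try:
        body = base64.urlsafe_b64decode(cookie.encode()).decode()
        issued_str, addr, mac = body.split("|")
        issued_at = int(issued_str)
    except (ValueError, UnicodeDecodeError, binascii.Error):
        return "malformed"
    # Check the MAC first: a forged cookie should fail before any field is trusted.
    if not hmac.compare_digest(mac, _mac(key, issued_at, addr)):
        return "bad-signature"
    # Replaying a captured cookie from another host fails here.
    if addr != remote_addr:
        return "wrong-address"
    # Reject values from the future (clock tampering) and values older than ttl.
    if issued_at > now or now - issued_at > ttl:
        return "expired"
    return "ok"


if __name__ == "__main__":
    issued = int(time.time())
    c = make_cookie(SECRET_KEY, "203.0.113.5", now=issued)
    print("same host, fresh:   ", verify_cookie(SECRET_KEY, c, "203.0.113.5"))
    print("other host, fresh:  ", verify_cookie(SECRET_KEY, c, "198.51.100.7"))
    print("same host, stale:   ", verify_cookie(SECRET_KEY, c, "203.0.113.5",
                                                now=issued + TTL_SECONDS + 1))
```

Because the issue time and the address sit inside the signed body, a captured value cannot be edited to extend its life or to point at a new address without invalidating the MAC, and nothing about the key leaks from the cookie itself. Binding to the remote address does mean legitimate users behind a rotating proxy or NAT pool will be logged out when their source address changes, which is a trade-off worth knowing before deploying it.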