projects / platal.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 17717c8) | patch
Implements PlSession::apiAuth. The authentication is based on a HMAC
authorVincent Zanotti <vincent.zanotti@m4x.org>
Mon, 3 Jan 2011 20:08:48 +0000 (21:08 +0100)
committerVincent Zanotti <vincent.zanotti@m4x.org>
Tue, 4 Jan 2011 01:26:34 +0000 (02:26 +0100)
commit8ebd6f86c4bba79239a927a123f1c4a2b4d807bf
tree5dcebef7ae8abf3ea794af74af939edc1f97054dtree | snapshot
parent17717c87461244343ee261ee7d5f1f39c585922fcommit | diff
Implements PlSession::apiAuth. The authentication is based on a HMAC
signature, which takes into account the resource, the payload, and the
current timestamp.

It effectively blocks any replay beyond "the same method, within 10
seconds", which is deemed an acceptable risk, as long as API methods are
idempotent.

Signed-off-by: Vincent Zanotti <vincent.zanotti@m4x.org>
classes/xorgsession.php diff | blob | blame | history
configs/platal.ini diff | blob | blame | history
core diff | blob | blame | history
plat/al