W3C home > Mailing lists > Public > public-forms@w3.org > September 2007

Re: new hash attribute for input ?

From: <Nick_Van_den_Bleeken@inventivegroup.com>
Date: Tue, 4 Sep 2007 23:10:49 +0200
To: "touche julien" <julien.touche@lycos.com>
Cc: public-forms@w3.org, public-forms-request@w3.org
Message-ID: <OFAB379D8D.FD548A1B-ONC125734C.0073E2A1-C125734C.007457F7@inventivegroup.com>

Hi Julien,

I hope that this is good news too.

We also added the hmac function[1], this function has as first parameter a 
key or shared secret and uses the HMAC algorithm. This allows you to 
protect your form against a replay attack.

Regards,

Nick Van den Bleeken  -  Research & Development
Inventive Designers
Phone: +32 - 3 - 8210170
Fax: +32 - 3 - 8210171
Email: Nick_Van_den_Bleeken@inventivegroup.com
[1] http://www.w3.org/TR/2007/WD-xforms11-20070222/#fn-hmac

public-forms-request@w3.org wrote on 09/04/2007 07:54:48 PM:

> 
> thanks for this good news, Nick. 
> 
> Sadly, it think an important option string, said the salt/nonce like
> in HTTP Digest Auth, so you can have a protection against replay attack. 

> Any plan to correct this ? 
> 
> thanks 
> regards 
> 
> 
> ---------[ Received Mail Content ]---------- 
> Subject : Re: new hash attribute for input ? 
> Date : Tue, 4 Sep 2007 08:46:40 +0200 
> From : Nick_Van_den_Bleeken@inventivegroup.com 
> To : Julien TOUCHE <julien.touche@lycos.com> 
> Cc : public-forms@w3.org, public-forms-request@w3.org 
> 
> Hi Julien, 
> 
> In XForms 1.1 we already added the digest function [1]. It allows you to 

> specify the hash algorithm like the "hash" attributes in webforms2. 
> 
> It also has an optional parameter that indicates the encoding parameter, 

> to let you overide the default base64 encoding with hex encoding. 
> 
> Regards, 
> 
> Nick Van den Bleeken - Research & Development 
> Inventive Designers 
> Phone: +32 - 3 - 8210170 
> Fax: +32 - 3 - 8210171 
> Email: Nick_Van_den_Bleeken@inventivegroup.com 
> 
> PS: The samples still use the old name (hash-encode) of the function, 
but 
> this already corrected in the cvs version of XForms 1.1. 
> 
> [1] http://www.w3.org/TR/2007/WD-xforms11-20070222/#fn-digest 



--------------------------------------------------

Inventive Designers' Email Disclaimer:

http://www.inventivedesigners.com/email-disclaimer
Received on Tuesday, 4 September 2007 21:11:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 October 2013 22:06:45 UTC