File: system/dependencies/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt

Role: Documentation
Content type: text/plain
Description: Documentation
Class: dframework
Framework to build PHP applications
Date: 5 months ago
Size: 978 bytes


TYPE: string/null
VERSION: 3.1.1
    This directive enables secure checksum generation along with %URI.Munge.
    It should be set to a secure key that is not shared with anyone else.
    The checksum can be placed in the URI using %t. Use of this checksum
    affords an additional level of protection by allowing a redirector
    to check if a URI has passed through HTML Purifier with this line:

<pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>

    If the output is TRUE, the redirector script should accept the URI.
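
    The redirector-side check described above, as an added example (not part of HTML Purifier or of this framework). It assumes %URI.Munge is set to something like "/redirect.php?u=%s&t=%t"; the parameter names u and t, the function name and the demo key are hypothetical. It uses hash_equals() so the comparison runs in constant time, where === does not.

```php
<?php
declare(strict_types=1);

/**
 * Returns true only if $checksum is the HMAC-SHA256 of $url under $secretKey,
 * i.e. the value the page's formula hash_hmac("sha256", $url, $secret_key) yields.
 * $url and $checksum are untyped on purpose: query parameters may be missing
 * (null) or arrays (u[]=...), and both must be rejected rather than raise errors.
 */
function verify_munged_uri($url, $checksum, string $secretKey): bool
{
    if (!is_string($url) || !is_string($checksum)) {
        return false;
    }
    if ($url === '' || $secretKey === '') {
        // An empty key would make every checksum forgeable.
        return false;
    }
    $expected = hash_hmac('sha256', $url, $secretKey);
    // Constant-time comparison: does not leak how many leading characters matched.
    return hash_equals($expected, $checksum);
}

// --- Constructed demo data (not real keys or links) ---
$key = 'constructed-demo-key-do-not-reuse';
$url = 'http://example.com/page?id=1';
$t   = hash_hmac('sha256', $url, $key); // the checksum placed in the URI via %t

$cases = [
    'valid link'       => [$url, $t],
    'tampered target'  => ['http://example.org/', $t],
    'missing checksum' => [$url, null],
    'array parameter'  => [[$url], $t],
    'truncated hash'   => [$url, substr($t, 0, 32)],
];

foreach ($cases as $label => [$u, $c]) {
    printf("%-18s %s\n", $label, verify_munged_uri($u, $c, $key) ? 'accept' : 'reject');
}

// In a real redirector the inputs would come from the request, e.g.
//   verify_munged_uri($_GET['u'] ?? null, $_GET['t'] ?? null, $secretKey)
// PHP has already URL-decoded $_GET values at that point, and the redirect
// is issued only when the function returns true.
```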

    Please note that it would still be possible for an attacker to procure
    secure hashes en masse by abusing your website's Preview feature or the
    like, but this service affords an additional level of protection
    that should be combined with website blacklisting.

    Remember this has no effect if %URI.Munge is not on.
--# vim: et sw=4 sts=4