You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by ch...@apache.org on 2008/06/04 12:38:06 UTC
svn commit: r663053 - in /incubator/shindig/trunk/php: index.php
src/gadgets/samplecontainer/BasicBlobCrypter.php
Author: chabotc
Date: Wed Jun 4 03:38:06 2008
New Revision: 663053
URL: http://svn.apache.org/viewvc?rev=663053&view=rev
Log:
A little test with falling back on basic base64 encoding if plain text tokens are allowed and no mcrypt extension is available. Hope this will make it easier for people to get a basic dev env setup without banging their heads against the mcrypt dependency, which seems to be the main cause of trouble for most newcommers
Modified:
incubator/shindig/trunk/php/index.php
incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
Modified: incubator/shindig/trunk/php/index.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/index.php?rev=663053&r1=663052&r2=663053&view=diff
==============================================================================
--- incubator/shindig/trunk/php/index.php (original)
+++ incubator/shindig/trunk/php/index.php Wed Jun 4 03:38:06 2008
@@ -37,7 +37,10 @@
include_once ('config.php');
// basic sanity check if we have all required modules
-$modules = array('json', 'mcrypt', 'SimpleXML', 'libxml', 'curl');
+$modules = array('json', 'SimpleXML', 'libxml', 'curl');
+if (!Config::get('allow_plaintext_token')) {
+ $modules[] = 'mcrypt';
+}
foreach ($modules as $module) {
if (!extension_loaded($module)) {
die("Shindig requires the {$module} extention, see <a href='http://www.php.net/{$module}'>http://www.php.net/{$module}</a> for more info");
Modified: incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php?rev=663053&r1=663052&r2=663053&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php (original)
+++ incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php Wed Jun 4 03:38:06 2008
@@ -40,12 +40,16 @@
public function wrap(Array $in)
{
$encoded = $this->serializeAndTimestamp($in);
- $cipherText = Crypto::aes128cbcEncrypt($this->cipherKey, $encoded);
+ if (!function_exists('mcrypt_module_open') && Config::get('allow_plaintext_token')) {
+ $cipherText = base64_encode($encoded);
+ } else {
+ $cipherText = Crypto::aes128cbcEncrypt($this->cipherKey, $encoded);
+ }
$hmac = Crypto::hmacSha1($this->hmacKey, $cipherText);
$b64 = base64_encode($cipherText . $hmac);
return $b64;
}
-
+
private function serializeAndTimestamp(Array $in)
{
$encoded = "";
@@ -78,7 +82,11 @@
$cipherText = substr($bin, 0, strlen($bin) - Crypto::$HMAC_SHA1_LEN);
$hmac = substr($bin, strlen($cipherText));
Crypto::hmacSha1Verify($this->hmacKey, $cipherText, $hmac);
- $plain = Crypto::aes128cbcDecrypt($this->cipherKey, $cipherText);
+ if (!function_exists('mcrypt_module_open') && Config::get('allow_plaintext_token')) {
+ $plain = base64_decode($cipherText);
+ } else {
+ $plain = Crypto::aes128cbcDecrypt($this->cipherKey, $cipherText);
+ }
$out = $this->deserialize($plain);
$this->checkTimestamp($out, $maxAgeSec);
}
Re: svn commit: r663053 - in /incubator/shindig/trunk/php: index.php src/gadgets/samplecontainer/BasicBlobCrypter.php
Posted by Ropu <ro...@gmail.com>.
+1
we can have a "ready for production" code, and a "debugger mode"
or at least something that allows that easily
On Wed, Jun 4, 2008 at 10:05 AM, Chris Chabot <ch...@xs4all.nl> wrote:
> Smart thinking, will do.
>
> Oh ps on your work to implement this for your client, feel free to remove
> those module checks completely. Their surprisingly light weight and don't
> impact performance at all as far as i could measure, but it's still some
> operations for each page request that aren't really required on a production
> server..
>
> One of these day's i'll rework the config keys a bit and have one big
> 'live_site' switch in it i think, and hang such things as debug output,
> checking for php dependencies, allowing insecure tokens, etc all wired up to
> this one setting
>
>
> On Jun 4, 2008, at 6:59 PM, Ropu wrote:
>
> Chris, add the memcache module if the config file for cache is
>> CacheMemcache.
>> if u want, i can add a patch for this, but is super simple :P
>>
>>
>> ropu
>>
>> On Wed, Jun 4, 2008 at 3:38 AM, <ch...@apache.org> wrote:
>>
>> Author: chabotc
>>> Date: Wed Jun 4 03:38:06 2008
>>> New Revision: 663053
>>>
>>> URL: http://svn.apache.org/viewvc?rev=663053&view=rev
>>> Log:
>>> A little test with falling back on basic base64 encoding if plain text
>>> tokens are allowed and no mcrypt extension is available. Hope this will
>>> make
>>> it easier for people to get a basic dev env setup without banging their
>>> heads against the mcrypt dependency, which seems to be the main cause of
>>> trouble for most newcommers
>>>
>>> Modified:
>>> incubator/shindig/trunk/php/index.php
>>>
>>>
>>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
>>>
>>> Modified: incubator/shindig/trunk/php/index.php
>>> URL:
>>>
>>> http://svn.apache.org/viewvc/incubator/shindig/trunk/php/index.php?rev=663053&r1=663052&r2=663053&view=diff
>>>
>>>
>>> ==============================================================================
>>> --- incubator/shindig/trunk/php/index.php (original)
>>> +++ incubator/shindig/trunk/php/index.php Wed Jun 4 03:38:06 2008
>>> @@ -37,7 +37,10 @@
>>> include_once ('config.php');
>>>
>>> // basic sanity check if we have all required modules
>>> -$modules = array('json', 'mcrypt', 'SimpleXML', 'libxml', 'curl');
>>> +$modules = array('json', 'SimpleXML', 'libxml', 'curl');
>>> +if (!Config::get('allow_plaintext_token')) {
>>> + $modules[] = 'mcrypt';
>>> +}
>>> foreach ($modules as $module) {
>>> if (!extension_loaded($module)) {
>>> die("Shindig requires the {$module} extention, see <a href='
>>> http://www.php.net/{$module} <http://www.php.net/%7B$module%7D> <
>>> http://www.php.net/%7B$module%7D>'>
>>> http://www.php.net/{$module} <http://www.php.net/%7B$module%7D> <
>>> http://www.php.net/%7B$module%7D></a> for
>>>
>>> more info");
>>>
>>> Modified:
>>>
>>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
>>> URL:
>>>
>>> http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php?rev=663053&r1=663052&r2=663053&view=diff
>>>
>>>
>>> ==============================================================================
>>> ---
>>>
>>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
>>> (original)
>>> +++
>>>
>>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
>>> Wed Jun 4 03:38:06 2008
>>> @@ -40,12 +40,16 @@
>>> public function wrap(Array $in)
>>> {
>>> $encoded = $this->serializeAndTimestamp($in);
>>> - $cipherText = Crypto::aes128cbcEncrypt($this->cipherKey,
>>> $encoded);
>>> + if (!function_exists('mcrypt_module_open') &&
>>> Config::get('allow_plaintext_token')) {
>>> + $cipherText = base64_encode($encoded);
>>> + } else {
>>> + $cipherText =
>>> Crypto::aes128cbcEncrypt($this->cipherKey, $encoded);
>>> + }
>>> $hmac = Crypto::hmacSha1($this->hmacKey, $cipherText);
>>> $b64 = base64_encode($cipherText . $hmac);
>>> return $b64;
>>> }
>>> -
>>> +
>>> private function serializeAndTimestamp(Array $in)
>>> {
>>> $encoded = "";
>>> @@ -78,7 +82,11 @@
>>> $cipherText = substr($bin, 0, strlen($bin) -
>>> Crypto::$HMAC_SHA1_LEN);
>>> $hmac = substr($bin, strlen($cipherText));
>>> Crypto::hmacSha1Verify($this->hmacKey, $cipherText,
>>> $hmac);
>>> - $plain =
>>> Crypto::aes128cbcDecrypt($this->cipherKey,
>>> $cipherText);
>>> + if (!function_exists('mcrypt_module_open') &&
>>> Config::get('allow_plaintext_token')) {
>>> + $plain = base64_decode($cipherText);
>>> + } else {
>>> + $plain =
>>> Crypto::aes128cbcDecrypt($this->cipherKey, $cipherText);
>>> + }
>>> $out = $this->deserialize($plain);
>>> $this->checkTimestamp($out, $maxAgeSec);
>>> }
>>>
>>>
>>>
>>>
>>
>> --
>> .-. --- .--. ..-
>> R o p u
>>
>
>
--
.-. --- .--. ..-
R o p u
Re: svn commit: r663053 - in /incubator/shindig/trunk/php: index.php src/gadgets/samplecontainer/BasicBlobCrypter.php
Posted by Chris Chabot <ch...@xs4all.nl>.
Smart thinking, will do.
Oh ps on your work to implement this for your client, feel free to
remove those module checks completely. Their surprisingly light weight
and don't impact performance at all as far as i could measure, but
it's still some operations for each page request that aren't really
required on a production server..
One of these day's i'll rework the config keys a bit and have one big
'live_site' switch in it i think, and hang such things as debug
output, checking for php dependencies, allowing insecure tokens, etc
all wired up to this one setting
On Jun 4, 2008, at 6:59 PM, Ropu wrote:
> Chris, add the memcache module if the config file for cache is
> CacheMemcache.
> if u want, i can add a patch for this, but is super simple :P
>
>
> ropu
>
> On Wed, Jun 4, 2008 at 3:38 AM, <ch...@apache.org> wrote:
>
>> Author: chabotc
>> Date: Wed Jun 4 03:38:06 2008
>> New Revision: 663053
>>
>> URL: http://svn.apache.org/viewvc?rev=663053&view=rev
>> Log:
>> A little test with falling back on basic base64 encoding if plain
>> text
>> tokens are allowed and no mcrypt extension is available. Hope this
>> will make
>> it easier for people to get a basic dev env setup without banging
>> their
>> heads against the mcrypt dependency, which seems to be the main
>> cause of
>> trouble for most newcommers
>>
>> Modified:
>> incubator/shindig/trunk/php/index.php
>>
>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/
>> BasicBlobCrypter.php
>>
>> Modified: incubator/shindig/trunk/php/index.php
>> URL:
>> http://svn.apache.org/viewvc/incubator/shindig/trunk/php/index.php?rev=663053&r1=663052&r2=663053&view=diff
>>
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =====================================================================
>> --- incubator/shindig/trunk/php/index.php (original)
>> +++ incubator/shindig/trunk/php/index.php Wed Jun 4 03:38:06 2008
>> @@ -37,7 +37,10 @@
>> include_once ('config.php');
>>
>> // basic sanity check if we have all required modules
>> -$modules = array('json', 'mcrypt', 'SimpleXML', 'libxml', 'curl');
>> +$modules = array('json', 'SimpleXML', 'libxml', 'curl');
>> +if (!Config::get('allow_plaintext_token')) {
>> + $modules[] = 'mcrypt';
>> +}
>> foreach ($modules as $module) {
>> if (!extension_loaded($module)) {
>> die("Shindig requires the {$module} extention, see <a
>> href='
>> http://www.php.net/{$module} <http://www.php.net/%7B$module%7D>'>
>> http://www.php.net/{$module} <http://www.php.net/%7B$module%7D></a>
>> for
>> more info");
>>
>> Modified:
>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/
>> BasicBlobCrypter.php
>> URL:
>> http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php?rev=663053&r1=663052&r2=663053&view=diff
>>
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =
>> =====================================================================
>> ---
>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/
>> BasicBlobCrypter.php
>> (original)
>> +++
>> incubator/shindig/trunk/php/src/gadgets/samplecontainer/
>> BasicBlobCrypter.php
>> Wed Jun 4 03:38:06 2008
>> @@ -40,12 +40,16 @@
>> public function wrap(Array $in)
>> {
>> $encoded = $this->serializeAndTimestamp($in);
>> - $cipherText = Crypto::aes128cbcEncrypt($this-
>> >cipherKey,
>> $encoded);
>> + if (!function_exists('mcrypt_module_open') &&
>> Config::get('allow_plaintext_token')) {
>> + $cipherText = base64_encode($encoded);
>> + } else {
>> + $cipherText =
>> Crypto::aes128cbcEncrypt($this->cipherKey, $encoded);
>> + }
>> $hmac = Crypto::hmacSha1($this->hmacKey, $cipherText);
>> $b64 = base64_encode($cipherText . $hmac);
>> return $b64;
>> }
>> -
>> +
>> private function serializeAndTimestamp(Array $in)
>> {
>> $encoded = "";
>> @@ -78,7 +82,11 @@
>> $cipherText = substr($bin, 0, strlen($bin) -
>> Crypto::$HMAC_SHA1_LEN);
>> $hmac = substr($bin, strlen($cipherText));
>> Crypto::hmacSha1Verify($this->hmacKey,
>> $cipherText,
>> $hmac);
>> - $plain = Crypto::aes128cbcDecrypt($this-
>> >cipherKey,
>> $cipherText);
>> + if (!function_exists('mcrypt_module_open') &&
>> Config::get('allow_plaintext_token')) {
>> + $plain = base64_decode($cipherText);
>> + } else {
>> + $plain =
>> Crypto::aes128cbcDecrypt($this->cipherKey, $cipherText);
>> + }
>> $out = $this->deserialize($plain);
>> $this->checkTimestamp($out, $maxAgeSec);
>> }
>>
>>
>>
>
>
> --
> .-. --- .--. ..-
> R o p u
Re: svn commit: r663053 - in /incubator/shindig/trunk/php: index.php src/gadgets/samplecontainer/BasicBlobCrypter.php
Posted by Ropu <ro...@gmail.com>.
Chris, add the memcache module if the config file for cache is
CacheMemcache.
if u want, i can add a patch for this, but is super simple :P
ropu
On Wed, Jun 4, 2008 at 3:38 AM, <ch...@apache.org> wrote:
> Author: chabotc
> Date: Wed Jun 4 03:38:06 2008
> New Revision: 663053
>
> URL: http://svn.apache.org/viewvc?rev=663053&view=rev
> Log:
> A little test with falling back on basic base64 encoding if plain text
> tokens are allowed and no mcrypt extension is available. Hope this will make
> it easier for people to get a basic dev env setup without banging their
> heads against the mcrypt dependency, which seems to be the main cause of
> trouble for most newcommers
>
> Modified:
> incubator/shindig/trunk/php/index.php
>
> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
>
> Modified: incubator/shindig/trunk/php/index.php
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/php/index.php?rev=663053&r1=663052&r2=663053&view=diff
>
> ==============================================================================
> --- incubator/shindig/trunk/php/index.php (original)
> +++ incubator/shindig/trunk/php/index.php Wed Jun 4 03:38:06 2008
> @@ -37,7 +37,10 @@
> include_once ('config.php');
>
> // basic sanity check if we have all required modules
> -$modules = array('json', 'mcrypt', 'SimpleXML', 'libxml', 'curl');
> +$modules = array('json', 'SimpleXML', 'libxml', 'curl');
> +if (!Config::get('allow_plaintext_token')) {
> + $modules[] = 'mcrypt';
> +}
> foreach ($modules as $module) {
> if (!extension_loaded($module)) {
> die("Shindig requires the {$module} extention, see <a href='
> http://www.php.net/{$module} <http://www.php.net/%7B$module%7D>'>
> http://www.php.net/{$module} <http://www.php.net/%7B$module%7D></a> for
> more info");
>
> Modified:
> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
> URL:
> http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php?rev=663053&r1=663052&r2=663053&view=diff
>
> ==============================================================================
> ---
> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
> (original)
> +++
> incubator/shindig/trunk/php/src/gadgets/samplecontainer/BasicBlobCrypter.php
> Wed Jun 4 03:38:06 2008
> @@ -40,12 +40,16 @@
> public function wrap(Array $in)
> {
> $encoded = $this->serializeAndTimestamp($in);
> - $cipherText = Crypto::aes128cbcEncrypt($this->cipherKey,
> $encoded);
> + if (!function_exists('mcrypt_module_open') &&
> Config::get('allow_plaintext_token')) {
> + $cipherText = base64_encode($encoded);
> + } else {
> + $cipherText =
> Crypto::aes128cbcEncrypt($this->cipherKey, $encoded);
> + }
> $hmac = Crypto::hmacSha1($this->hmacKey, $cipherText);
> $b64 = base64_encode($cipherText . $hmac);
> return $b64;
> }
> -
> +
> private function serializeAndTimestamp(Array $in)
> {
> $encoded = "";
> @@ -78,7 +82,11 @@
> $cipherText = substr($bin, 0, strlen($bin) -
> Crypto::$HMAC_SHA1_LEN);
> $hmac = substr($bin, strlen($cipherText));
> Crypto::hmacSha1Verify($this->hmacKey, $cipherText,
> $hmac);
> - $plain = Crypto::aes128cbcDecrypt($this->cipherKey,
> $cipherText);
> + if (!function_exists('mcrypt_module_open') &&
> Config::get('allow_plaintext_token')) {
> + $plain = base64_decode($cipherText);
> + } else {
> + $plain =
> Crypto::aes128cbcDecrypt($this->cipherKey, $cipherText);
> + }
> $out = $this->deserialize($plain);
> $this->checkTimestamp($out, $maxAgeSec);
> }
>
>
>
--
.-. --- .--. ..-
R o p u