in reply to Re: Is this a secure way to prevent cookie tampering
in thread Is this a secure way to prevent cookie tampering

This is almost the same as Digest::HMAC, except that it uses the same $secret for each hash computation.

The choice of an empty string in the join is not good, though. Do you really want to produce the same authenticator for these two inputs? 

@fields1 = ( "foobar", "baz" );
@fields2 = ( "foo", "barbaz" );

[download]

Replies are listed 'Best First'.
Re^3: Is this a secure way to prevent cookie tampering
by jayrom (Pilgrim) on Jun 30, 2004 at 17:39 UTC
    Very good point!
    Proves that you should never trust code even from the accepted gurus.
    Shame on me ;-)

    jayrom

[reply]

In Section Seekers of Perl Wisdom