Talk:Litmus:Web Services: Difference between revisions

From MozillaWiki

Revision as of 03:30, 12 November 2005

Should the attribute of the testresult be password or digital signature?

The password should be some hashed version of the password, if any. I would separate the platform information into a tag by itself and add a signature at the end of the test results.


<testresults>
  <sender
    username="foo@bar" />

  <environment
    useragent="blah"
    platform="bar"
    opsys="sys"
    branch="branch"
    buildid="bid" />

  <result testid="123" result="result">
    <comment>Optional Comment Goes Here</comment>
    <!-- I don't understand the bits in process_test.cgi about bugs, so I've
         left that part out for the moment -->
  </result>

  <authentication 
    signature="signed MAC of all tags above" />

</testresults>

Using token

I like your approach of hashing the whole message, but I don't think we need to use a separate token to do so. If it's not being sent over the wire, could we not simply use the password as the salt? Saves creating and maintaining another piece of sensitive user data.

coop 19:30, 11 Nov 2005 (PST)
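
An added illustration of the scheme discussed above, not code from Litmus or from either participant: the MAC in `<authentication signature=...>` is computed over every element before it, keyed by a value derived from the sender's password. HMAC-SHA256, PBKDF2 with the username as salt, C14N canonicalisation, the function names and the sample password are all assumptions made for this example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample message in the shape proposed on this page.
SAMPLE = """<testresults>
  <sender username="foo@bar" />
  <environment useragent="blah" platform="bar" opsys="sys" branch="branch" buildid="bid" />
  <result testid="123" result="result">
    <comment>Optional Comment Goes Here</comment>
  </result>
</testresults>"""

def signed_bytes(root):
    """Canonical bytes of every child of <testresults> except <authentication>."""
    parts = [
        ET.canonicalize(ET.tostring(child, encoding="unicode"), strip_text=True)
        for child in root if child.tag != "authentication"
    ]
    return "\n".join(parts).encode("utf-8")

def derive_key(username, password):
    # Assumption: client and server derive the MAC key from the password,
    # so the password is never sent and never used directly as the key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 200_000)

def sign(xml_text, password):
    """Client side: append <authentication signature="..."> to the message."""
    root = ET.fromstring(xml_text)
    key = derive_key(root.find("sender").get("username"), password)
    mac = hmac.new(key, signed_bytes(root), hashlib.sha256).hexdigest()
    ET.SubElement(root, "authentication", signature=mac)
    return ET.tostring(root, encoding="unicode")

def verify(xml_text, lookup_key):
    """Server side: lookup_key(username) returns the stored key or None."""
    root = ET.fromstring(xml_text)
    auth, sender = root.find("authentication"), root.find("sender")
    if auth is None or sender is None:
        return False  # unsigned or anonymous message
    key = lookup_key(sender.get("username"))
    if key is None:
        return False  # unknown sender
    expected = hmac.new(key, signed_bytes(root), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), auth.get("signature", "").encode())
```

The key the server stores is sufficient to sign messages as that user, so it needs the same protection as a password would.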