perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Kolve <>
Subject mac_check in eagle book
Date Sun, 15 Apr 2001 23:19:46 GMT
I was wondering if someone could explain to me why in the eagle book it
is necessary to perform 
an md5 twice before sending a mac_check to a user of a number of
fields.  I read in the mod_perl book that this is done 'to prevent
technically savy users from appending data to the @fields'. 

my $mac_check = md5_hex($secret,
                    md5_hex(join '', $secret, @fields));  

What I am wondering is, what situation would a user be able to append
data to the fields? I believe if you change only one bit of the data,
the mac will change, so I am a little confused.



View raw message