[pmwiki-users] Uninstalling EProtect
Joachim Durchholz
jo at durchholz.org
Thu Apr 14 16:22:07 CDT 2005
Patrick R. Michaud wrote:
>> This could be stripped down to a byte or two, but that would mean
>> that rot13 would have to go (even as a corner case of the
>> algorithm). That would allow a very nifty feature (namely deriving
>> the key from $ScriptURL, so different sites would most likely have
>> different keys, with no configuration effort for the site admin),
>> but would people mind if eProtect will not be configurable for
>> rot13 in the future?
>
> I think deriving from $ScriptUrl might cause problems, as $ScriptUrl
> often changes over the lifetime of a site.
No, not at all, provided the necessary information is sent with the
JavaScript.
> Why not just use a 2-byte random "salt" for the key of each address?
> That ought to provide plenty of obfuscation.
Oh, $ScriptUrl was intended to be used just as a salt anyway. (You say
"salt" where I said "key"; of course there aren't any keys in
obfuscation anyway.)
An easier way to get a salt would be the time() function, so I'll stick
with that. Simply take it modulo 256 and xor it with every character
would probably be most simple.
I hear no cries for rot13 yet. If it remains that way, I'll take the xor
route.
Regards,
Jo
More information about the pmwiki-users
mailing list