[Project_owners] [OT] Some help needed

Arturo 'Buanzo' Busleiman buanzo at buanzo.com.ar
Mon Feb 12 12:09:38 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

I'm the owner of the enigform project:
http://linux-consulting.buanzo.com.ar/2007/02/openpgp-signing-of-http-post.html

Although I'm subscribed to the dev-extensions mailing list, and I've googled and read, and tried
many different ideas, I'm still not having luck solving a small issue.

If any of you is willing to help me out a little bit, then I'll greatly appreciatte it.

Basicly, Enigform uses GnuPG to digitally sign certain requests originated by a form submission.
Of course, only those forms that require that security measure are signed. Currently, Enigform
identifies those forms by checking if the POST body has a certain NAME/VALUE pair in it, but that's
not a very good approach. I want to extend the <FORM> tag with a security="OpenPGPSign" value, or
use a better enctype. If any of you has some spare time... I'll be damned happy to get your help :)

This thingy might be published by SANS, an article on freshmeat, and the OISSG (a security
organization), so any help will be, of course, publicly acknowledged :)

Once I/we fix that, I'll be able to publish enigform at last. I won't bother this list again with
pleas for help! Thanks for your time! (and thanks mozdev for an excellent application hosting site).

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Mail Hosting Seguro y Consultoria - http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF0MmCAlpOsGhXcE0RAivZAJ49a45xxrVxYrCo0mD9IimY+jUspwCdGv3Z
ETlyL/tRD5FHPxahnUlqaw8=
=NkyW
-----END PGP SIGNATURE-----


More information about the Project_owners mailing list