|
Web Programming Forum |
Using php include
I'm placing a menu at the top of all my web pages and I will be making frequent additions to it. I don't want to make the changes to every web page every time I add or change the menu...
PHP on windows server - w/windows scheduler
First, when this code is ran from the Browser it runs fine. When it runs from the scheduler it also runs fine, however the xml files are saved into the PHP folder and not the websites folder...
Cookie how to in PHP
Cookies are a very useful mechanism to remember information. HTTP protocol is stateless protocol that is, once a page is requested by the client and served by the server, no information is kept. That is where cookies come into the scene. Cookies allow you to store information on the user’s hard disk...
|
|
10.04.05
Overview Of XML Encryption
by Pawan Bangar
XML encryption classifies a course of action for encrypting plain text data, generating ciphertext, and decrypting the ciphertext to retrieve the plaintext data.
Both the <EncryptionMethod> and <KeyInfo> are optional i.e. the sender and receiver may agree on the encryption method and key in advance. Several elements use the definitions from the DSIG.
If the recipient does not know the decryption key in advance, then the sender generates and sends it. The key can be protected in transit by encrypting method or key agreement.
If the plaintext data to encrypt is an XML element or content, you encode it using UTF-8 and perform any necessary transforms to it, otherwise, if it is an external resource, you simply consider it as an octet sequence. You then encrypt the data, creating CipherValue, which you place in EncryptedData.
Care must be taken when signing content that may later be encrypted; clearly; the content must be restored to exactly the original plaintext form for the signature to validate properly. To restore the plaintext in the signed content, use the decryption transform method for XML signature defined by the XML encrypt joint W3C and IETF working group.
This transform also allows specifications of XML fragments that were encrypted and then signed with rest of the document and, therefore, are not decrypted to validate the signature. Often, encrypted fragments are removed from the signed information by using the XPATH transform in the reference element, since the meaningful information is the plaintext.
We can sign the plaintext version of an encrypted element by including the appropriate reference element pointing to it. When the signed document is confidential and encrypted after being signed, you should also protect against surreptitious forwarding in which the recipient forwards the signed confidential document to a competitor, encrypted by the competitor public key, trying to make it look as if the sender sent the confidential information. To prevent surreptitious forwarding, the signer should append the recipient identities to the document being signed.
If the recipient does not know the decryption key in advance, then the sender generates and sends it. The key can be protected in transit by encrypting method or key agreement.
If the plaintext data to encrypt is an XML element or content, you encode it using UTF-8 and perform any necessary transforms to it, otherwise, if it is an external resource, you simply consider it as an octet sequence. You then encrypt the data, creating CipherValue, which you place in EncryptedData.
Care must be taken when signing content that may later be encrypted; clearly; the content must be restored to exactly the original plaintext form for the signature to validate properly. To restore the plaintext in the signed content, use the decryption transform method for XML signature defined by the XML encrypt joint W3C and IETF working group.
This transform also allows specifications of XML fragments that were encrypted and then signed with rest of the document and, therefore, are not decrypted to validate the signature. Often, encrypted fragments are removed from the signed information by using the XPATH transform in the reference element, since the meaningful information is the plaintext.
We can sign the plaintext version of an encrypted element by including the appropriate reference element pointing to it. When the signed document is confidential and encrypted after being signed, you should also protect against surreptitious forwarding in which the recipient forwards the signed confidential document to a competitor, encrypted by the competitor public key, trying to make it look as if the sender sent the confidential information. To prevent surreptitious forwarding, the signer should append the recipient identities to the document being signed.
DataDirect touts productivity, performance, and interoperability as strengths in the XQuery product. Those strengths should allow for the construction of applications that best implement standards-based data integration, the company states.
"Most XQuery implementations either work only with XML files in memory, or are bound to a particular database or application server - these are serious restrictions if your organization or partners have different databases, require scalability, or need to integrate with legacy data," said Jerry King, Vice President of the XML Products Group at DataDirect.
About
the Author:
Presently working in the capacity of the Technical Director of Birbals, an e-consulting firm based in India dedicated in providing innovative and effective web, Hospitality and consultancy services to public, private and non-profit organizations. Successfully founded Birbals and other IT companies like Ebirbals and SeoBirbals. |
