Skip to Main Content
Secure Development for Mobile Apps
book

Secure Development for Mobile Apps

by J. D. Glaser
October 2014
Intermediate to advanced content levelIntermediate to advanced
472 pages
10h 44m
English
Auerbach Publications
Content preview from Secure Development for Mobile Apps
215
seCure sessIon storAge
$this->sessionKey is the secret encryption key, and needs to be set to
adequately long length, and stored in a secure, publicly inaccessible place (obviously
outside the web root directory).
$this->cryptCipher has been set to MCRYPT_BLOWFISH.
$this->$cryptMode set to MCRYPT_MODE_CBC.
$this->staticSalt was pregenerated using:
mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH,
MCRYPT_MODE_CBC),
MCRYPT_DEV_URANDOM))
mcrypt_create_iv() is a Cryptographically Secure Pseudo Random
Number Generator (CSPRNG) that creates a very strong initialization vector, or
salt. e parameters used tell it to create an IV for Blowfish encryption using the
CBC cipher block. is is important. CBC is much stronger that EBC. CBC uses
salt. EBC ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Developing with Web Standards

Developing with Web Standards

John Allsopp
Mobile Cloud Computing

Mobile Cloud Computing

Dijiang Huang, Huijun Wu

Publisher Resources

ISBN: 9781482209037