Comments on: Storing multiple privileges/settings in a single integer http://kinsey.no/blog/index.php/2009/11/17/storing-multiple-privilegessettings-in-a-single-integer/ Because I want to be like the cool kids too Fri, 03 Feb 2012 05:39:00 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Øyvind Sean Kinsey http://kinsey.no/blog/index.php/2009/11/17/storing-multiple-privilegessettings-in-a-single-integer/comment-page-1/#comment-153 Øyvind Sean Kinsey Wed, 02 Dec 2009 14:37:36 +0000 http://kinsey.no/blog/?p=168#comment-153 This has nothing to do with obfuscating, only with the logic for storing and retrieving privilieges in the simplest way - but if you want to, then yes, you could use hex-notation to specify the values. The follow-up post is already published, <a href="http://kinsey.no/blog/index.php/2009/11/17/modifying-privileges-stored-binary-using-extjs," target="_blank">http://kinsey.no/blog/index.php/2009/11/17/modify...</a> and gives an example on how one could view/modify such a value through using Javascript/ExtJs. As always when it comes to enforcing security in a webapplication, this has to be done both on the server (to actually enforce the restriction) and on the client (to avoid the user trying to do something he wil not be able to do) This has nothing to do with obfuscating, only with the logic for storing and retrieving privilieges in the simplest way – but if you want to, then yes, you could use hex-notation to specify the values.

The follow-up post is already published, http://kinsey.no/blog/index.php/2009/11/17/modify… and gives an example on how one could view/modify such a value through using Javascript/ExtJs.

As always when it comes to enforcing security in a webapplication, this has to be done both on the server (to actually enforce the restriction) and on the client (to avoid the user trying to do something he wil not be able to do)

]]> By: Øyvind Sean Kinsey http://kinsey.no/blog/index.php/2009/11/17/storing-multiple-privilegessettings-in-a-single-integer/comment-page-1/#comment-579 Øyvind Sean Kinsey Wed, 02 Dec 2009 14:37:00 +0000 http://kinsey.no/blog/?p=168#comment-579 This has nothing to do with obfuscating, only with the logic for storing and retrieving privilieges in the simplest way - but if you want to, then yes, you could use hex-notation to specify the values. The follow-up post is already published, <a href="http://kinsey.no/blog/index.php/2009/11/17/modifying-privileges-stored-binary-using-extjs," rel="nofollow">http://kinsey.no/blog/index.php/2009/11/17/modify...</a> and gives an example on how one could view/modify such a value through using Javascript/ExtJs. As always when it comes to enforcing security in a webapplication, this has to be done both on the server (to actually enforce the restriction) and on the client (to avoid the user trying to do something he wil not be able to do) This has nothing to do with obfuscating, only with the logic for storing and retrieving privilieges in the simplest way – but if you want to, then yes, you could use hex-notation to specify the values.

The follow-up post is already published, http://kinsey.no/blog/index.php/2009/11/17/modify… and gives an example on how one could view/modify such a value through using Javascript/ExtJs.

As always when it comes to enforcing security in a webapplication, this has to be done both on the server (to actually enforce the restriction) and on the client (to avoid the user trying to do something he wil not be able to do)

]]> By: Arthur Kay http://kinsey.no/blog/index.php/2009/11/17/storing-multiple-privilegessettings-in-a-single-integer/comment-page-1/#comment-152 Arthur Kay Wed, 02 Dec 2009 14:25:12 +0000 http://kinsey.no/blog/?p=168#comment-152 Very cool idea... particularly since client-side logic is inherently insecure. I suppose one could even go a step further and use hexadecimal values to further obfuscate the meanings of each value. I may try to implement something like this in my own tool... I look forward to reading your follow-up post. Very cool idea… particularly since client-side logic is inherently insecure. I suppose one could even go a step further and use hexadecimal values to further obfuscate the meanings of each value.

I may try to implement something like this in my own tool… I look forward to reading your follow-up post.

]]> By: Arthur Kay http://kinsey.no/blog/index.php/2009/11/17/storing-multiple-privilegessettings-in-a-single-integer/comment-page-1/#comment-578 Arthur Kay Wed, 02 Dec 2009 14:25:00 +0000 http://kinsey.no/blog/?p=168#comment-578 Very cool idea... particularly since client-side logic is inherently insecure. I suppose one could even go a step further and use hexadecimal values to further obfuscate the meanings of each value. I may try to implement something like this in my own tool... I look forward to reading your follow-up post. Very cool idea… particularly since client-side logic is inherently insecure. I suppose one could even go a step further and use hexadecimal values to further obfuscate the meanings of each value.

I may try to implement something like this in my own tool… I look forward to reading your follow-up post.

]]> By: » Modifying privileges stored binary using ExtJs http://kinsey.no/blog/index.php/2009/11/17/storing-multiple-privilegessettings-in-a-single-integer/comment-page-1/#comment-137 » Modifying privileges stored binary using ExtJs Tue, 17 Nov 2009 18:37:07 +0000 http://kinsey.no/blog/?p=168#comment-137 [...] an earlier post I showed you how to use binary operators to store multiple privileges/settings in a single integer [...] [...] an earlier post I showed you how to use binary operators to store multiple privileges/settings in a single integer [...]

]]>