From: paulr <me@pjr.cc>
Date: Tue, 23 Nov 2010 06:19:21 +0000 (+1100)
Subject: active directory text and stuff
X-Git-Url: http://git.pjr.cc/?p=ga4php.git;a=commitdiff_plain;h=e49465df93deb42c68a52f47af9b3d5d02e114d6

active directory text and stuff
---

diff --git a/example/activedirectory/extend.php b/example/activedirectory/extend.php
index a551202..43ff589 100644
--- a/example/activedirectory/extend.php
+++ b/example/activedirectory/extend.php
@@ -3,6 +3,7 @@
 require_once("../../lib/ga4php.php");
 
 // TODO: This code works, but needs to be fixed and commented properly
+// TODO: setup encryption into AD
 
 
 // define our token class
diff --git a/example/activedirectory/index.php b/example/activedirectory/index.php
index bf25053..c58a44b 100644
--- a/example/activedirectory/index.php
+++ b/example/activedirectory/index.php
@@ -4,7 +4,16 @@
  * AD has several attributes you can use for storing your own data, and
  * thats what we use
  * 
- * This is only the beginning code, 
+ * This is only the beginning code, for starters we need some way of encrypting
+ * the data we put in AD cause the extensionAttributes1-15 are globally readable
+ * and thus the token is completely insecure. This is easy to fix though as the
+ * encryption just needs to be a static set key within the class that puts/gets
+ * data. At least, for the example we should set a GOOD example and do this
+ * other implementations might even want to implement their own schema such that
+ * permissions around that token key are strict in the schema, however encrypting
+ * the data is not a bad idea. The key for the encrypted data can be very long
+ * and very random as its not designed for user interaction, though it should be
+ * backed up occasionally
  */
 
 // set these