Forum OpenACS Development: Re: refactoring acs-mail-lite for use with imap
I should use it like this:
export_vars -sign -url <message_id> var1 var2 var3
And yet, how to retrieve?
As far as I can tell, to use ad_verify_signature, the data needs to be embedded in the email. And yet, the point is to *not* expose or publish the data external to the system.
Also, this grep doesn't find any examples besides docs to get hints from:
packages# grep -R " -sign" *
set value 123 set secret "secret phrase" set signature [ad_sign -max_age 600 -secret $secret $value] ad_verify_signature_with_expr -secret $secret $value $signature-gn
Where a url is supplied in an email for a user to get via a browser, standard export_vars -sign -url ... applies.
Where input requires authenticating a reply and obtaining associated form inputs, pass the uniqueID mapped to the inputs, where the uniqueID is signed using export_vars and adjusted to fit email message-id specs.
This keeps from leaking data, and message-id is re-generated using existing code.
Thank you, Gustaf!
That makes the implementation much cleaner.