HMAC

The client generates the hash with its client-specific secret key, using the built-in hash_hmac function. This hash value is included in the request header. Requests that include this hash value also have a timestamp field set. The server generates its own hash based on the request content and the client-specific key (…

CSRF

Read this.

Identifying Source Origin: To identify the source origin, we recommend using one of these two standard headers that almost all requests include one or both of:

- Origin Header
- Referer Header

Synchronizer (CSRF) Tokens - The synchronizer token pattern requires the generation of random "challenge" tokens (anti-CSRF tokens) that are associated with the user’s…

Shuffle an array

The general method for shuffling is biased. Check these: https://spin.atomicobject.com/2014/08/11/fisher-yates-shuffle-randomization-algorithm/ and http://www.i-programmer.info/programming/theory/2744-how-not-to-shuffle-the-kunth-fisher-yates-algorithm.html

When shuffling, the maximum number of possible outcomes can't be more than n! (n is the number of items being shuffled). So if the algorithm generates more than n! possible outcomes, the algorithm is biased. The Knuth Fisher-Yates algorithm produces an unbiased shuffled outcome. It…