SPF v1.0.6 Released

Jan 26, 2010 at 5:43 AM
Edited Jan 26, 2010 at 7:15 AM

A new beta version of SPF has just been released.  This version includes the following small, but significant changes: 

1.  Version 1.4.0 B2 of HTML Agility Pack has been integrated into this version of SPF.  There are numerous quirks that users have experienced in the past with HTML parsing that were a result of bugs within the agility pack.  This new version should hopefully address most of them.  The final version of HAP 1.4.0 will be integrated into SPF as soon as it is released, but is not expected to be much different.   

2 . The way SPF internally generates its HMAC key has been rewritten to leverage the .NET PasswordDeriveBytes class from the System.Security.Cryptography namespace.  This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 standard to derive bytes suitable for use as key material from a password. The standard is documented in IETF RRC 2898.

3.  Last but not least is my favorite new feature of SPF.  There's a new core configuration option called "allowTokenChallenge" that defaults to false.  When set to true, SPF will challenge the user for HTTP Basic Authentication credentials in the event that the URL Token doesn't validate properly.  If supplied, the password portion of the credentials will be concatenated to the original URL token and SPF will re-attempt validation.  Essentially this feature allows you to "password protect" URLs that you can send to a 3rd party.  I'll be posting a write-up soon on how this feature can be used to build a secure file distribution server using SPF. 

As always, please post all bug reports or issues to this forum for support. 

Jul 5, 2010 at 4:12 PM

Hi bholyfield,

HTML Agility Pack 1.4.0 (Stable) was released Fri May 7 2010. Is there any plan to integrate it to the 1.0.6 (Stable) release of SPF?

And thanks for the excelent project and share to community!