My first thought was to use CRAM-MD5, but there wasn't a way to do that without relying on cookies or a db to handle the challenge.

What I came up with was a Ticketless CRAM system (that uses MD5 by default, but can be extended to use SHA1 or any other digester via a subclass that has isolated all of the digest functions).

It creates a challenge in this format: "%(time_start)s::%(seed)s::%(checksum)s" where checksum is MD5( $time_start . $seed . $site_secret ).

Therefore:
- the time window of validity can be controlled
- there is no need to store / session stuff on the server

Any feedback would be greatly appreciated. I'm most concerned about:

a- Security Concerns
   i. I sketched this out during brunch on a napkin. Please tear apart if this is unsuitable for production.

b- Module Design
   i. The Authen::Ticketless package just wraps the CRAM subpackage and is almost needless for that. I almost did this as Authen::Ticketless::CRAM, and left the Authen::Ticketless namespace empty.
The SVN is here: http://dev.2xlp.com/svn/mod_perl/Authen::Ticketless/trunk/

// Jonathan Vanasco
w. http://findmeon.com/user/jvanasco
e. suppressed
| Founder/CEO - FindMeOn, Inc.
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Privacy Minded Web Identity Management and 3D Social Networking
| Founder - RoadSound.com
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
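The stateless challenge scheme described in the post, worked through as an added example in Python. This is not the author's Perl module (that lives at the SVN URL above); it mints a "time_start::seed::checksum" challenge, verifies that the server issued it and that it is still inside the validity window, and completes the CRAM exchange. Assumptions made here: HMAC-SHA256 over "time_start::seed" in place of MD5 over the raw concatenation with the secret, a hypothetical SITE_SECRET constant, and an in-memory password lookup passed in by the caller (as with CRAM-MD5, the server has to hold the password or an equivalent secret to recompute the response).

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical site secret for this example; a real deployment loads it
# from configuration, never from source.
SITE_SECRET = b"example-site-secret-change-me"
DEFAULT_WINDOW = 300  # seconds a challenge stays acceptable


def _checksum(site_secret, time_start, seed):
    """Keyed digest binding time_start and seed to the site secret.

    HMAC is used instead of hash(time . seed . secret) so the tag cannot
    be forged without the secret (assumption of this example).
    """
    msg = f"{time_start}::{seed}".encode()
    return hmac.new(site_secret, msg, hashlib.sha256).hexdigest()


def make_challenge(site_secret=SITE_SECRET, now=None, seed=None):
    """Mint "time_start::seed::checksum"; nothing is stored server-side."""
    time_start = int(time.time()) if now is None else int(now)
    seed = secrets.token_hex(16) if seed is None else seed
    return f"{time_start}::{seed}::{_checksum(site_secret, time_start, seed)}"


def parse_challenge(challenge):
    parts = challenge.split("::")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError("malformed challenge")
    return int(parts[0]), parts[1], parts[2]


def challenge_is_valid(challenge, site_secret=SITE_SECRET,
                       window=DEFAULT_WINDOW, now=None):
    """True if we issued this challenge and it is inside the time window."""
    try:
        time_start, seed, checksum = parse_challenge(challenge)
    except ValueError:
        return False
    expected = _checksum(site_secret, time_start, seed)
    # Constant-time compare so the checksum check does not leak by timing.
    if not hmac.compare_digest(expected, checksum):
        return False
    now = int(time.time()) if now is None else int(now)
    # Reject challenges dated in the future as well as expired ones.
    return time_start <= now < time_start + window


def client_response(username, password, challenge):
    """CRAM-style response: keyed digest of the whole challenge string."""
    digest = hmac.new(password.encode(), challenge.encode(),
                      hashlib.sha256).hexdigest()
    return f"{username} {digest}"


def verify_response(response, challenge, lookup_password,
                    site_secret=SITE_SECRET, window=DEFAULT_WINDOW, now=None):
    """Validate the challenge first, then recompute the expected response."""
    if not challenge_is_valid(challenge, site_secret, window, now):
        return False
    try:
        username, digest = response.split(" ", 1)
    except ValueError:
        return False
    password = lookup_password(username)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge.encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    users = {"alice": "correct horse"}
    ch = make_challenge()
    resp = client_response("alice", users["alice"], ch)
    print(ch)
    print("accepted:", verify_response(resp, ch, users.get))
```

One property of the stateless design is visible in the check above: because nothing about an issued challenge is recorded, the same challenge and response pair is accepted again anywhere inside the window, so an observer who captures one exchange can replay it until time_start plus the window has passed. Shortening the window limits that, and a small cache of recently consumed seeds removes it at the cost of some state.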