Re: ticketing solutions

[prev] [thread] [next] [Date index for 2005/04/23]

Thanks all; I'll look at the solutions mentioned!

On Apr 22, 2005, at 6:35 PM, Michael Schout wrote:

> Dan Brian wrote:
>
>> My point was that I don't need a CPAN module to verify hashes. 
>> Features
>> could include a mechanism for rotating a key on the servers being
>> accessed, IP verification ... and other features I can't think of. :-)
>
> Apache::AuthTicket does ip verification.
>
> Not sure what you mean by "key rotation", but AuthTicket allows you to
> change the "secret" key in the database periodically.  These are used 
> to
> verify that the ticket has not been tampered with.  You can have
> multiple "secret" keys active at the same time, allowing tickets just
> issued on the previous key to expire before you remove it from the 
> database.
>
> So, for example, you can issue new "secret" keys every 2 hours, and
> delete all secret keys more than 6 hours old at the same time.
> AuthTicket will always issue new tickets using the most recent secret 
> key.
>
> Not sure if this is the type of thing you are referring to, or if you
> are looking for something else :).
>
> Regards,
> Michael Schout