Re: ticketing solutions

[prev] [thread] [next] [Date index for 2005/04/23]

From: Michael Schout
Subject: Re: ticketing solutions
Date: 00:35 on 23 Apr 2005

Dan Brian wrote:

> My point was that I don't need a CPAN module to verify hashes. Features
> could include a mechanism for rotating a key on the servers being
> accessed, IP verification ... and other features I can't think of. :-) 

Apache::AuthTicket does ip verification.

Not sure what you mean by "key rotation", but AuthTicket allows you to
change the "secret" key in the database periodically.  These are used to
verify that the ticket has not been tampered with.  You can have
multiple "secret" keys active at the same time, allowing tickets just
issued on the previous key to expire before you remove it from the database.

So, for example, you can issue new "secret" keys every 2 hours, and
delete all secret keys more than 6 hours old at the same time.
AuthTicket will always issue new tickets using the most recent secret key.

Not sure if this is the type of thing you are referring to, or if you
are looking for something else :).

Regards,
Michael Schout

ticketing solutions
Dan Brian 19:33 on 22 Apr 2005

Re: ticketing solutions
Michael Schout 19:43 on 22 Apr 2005

Re: ticketing solutions
Perrin Harkins 19:46 on 22 Apr 2005

Re: ticketing solutions
Dan Brian 19:59 on 22 Apr 2005

Re: ticketing solutions
Perrin Harkins 20:20 on 22 Apr 2005

Re: ticketing solutions
Michael Schout 00:35 on 23 Apr 2005

Re: ticketing solutions
Dan Brian 01:09 on 23 Apr 2005

Re: ticketing solutions
David Nicol 21:32 on 22 Apr 2005

Generated at 09:30 on 27 Apr 2005 by mariachi v0.52