On Fri, 2005-04-22 at 13:59 -0600, Dan Brian wrote: > My point was that I don't need a CPAN module to verify hashes. Features > could include a mechanism for rotating a key on the servers being > accessed, IP verification ...
Key rotation would be nice. IP verification wouldn't be nice, unless you're using it for an intranet app. You can't expect people to use the same IP from one request to the next. > I didn't see anything on CPAN that does stuff like that, and wondered > if anybody had had experience with something "standard", or if this was > typically home-grown, as in my case. There's not much that I'm aware of on CPAN that is specifically geared to this. I think a lot of people use Apache::AuthCookie and subclasses of it. I like mod_auth_tkt because it can handle protecting pages at the proxy level and works across backend apps written in different languages. - Perrin
