I needed to create an authentication system to handle logins to my
mod_perl app via Flash and JS.

My first thought was to use CRAM-MD5, but there wasn't a way to do
that without relying on cookies or a db to handle the challenge.

What I came up with was a Ticketless CRAM system (that uses md5 by
default, but can be extended to use sha1 or any other digester via a
subclass that has isolated all of the digest functions).

It creates a challenge in this format:

    "%(time_start)s::%(seed)s::%(checksum)s"

where checksum is

    MD5( $time_start . $seed . $site_secret )

Therefore:

  - the time window of validity can be controlled
  - there is no need to store / session stuff on the server

Any feedback would be greatly appreciated.

I'm most concerned about:

  a- Security Concerns
     i. I sketched this out during brunch on a napkin. Please tear
        apart if this is unsuitable for production.

  b- Module Design
     i. The Authen::Ticketless package just wraps the CRAM subpackage
        and is almost needless for that. I almost did this as
        Authen::Ticketless::CRAM, and left the Authen::Ticketless
        namespace empty.

The SVN is here:
http://dev.2xlp.com/svn/mod_perl/Authen::Ticketless/trunk/
// Jonathan Vanasco
w. http://findmeon.com/user/jvanasco
e. [EMAIL PROTECTED]
| Founder/CEO - FindMeOn, Inc.
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Privacy Minded Web Identity Management and 3D Social Networking
|
| Founder - RoadSound.com
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
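
An added sketch, not part of the original post and not the Authen::Ticketless code, of issuing and verifying the challenge format described above. The secret, the 300-second window, the hex seed, /dev/urandom as the seed source and all sub names are assumptions; the field-shape check is there because the checksum input is concatenated without delimiters.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
# Assumed values for this sketch; neither comes from the post.
my $SITE_SECRET = 'constructed-example-secret';
my $WINDOW      = 300;    # seconds a challenge stays valid

# checksum = MD5( $time_start . $seed . $site_secret ), as in the post
sub checksum { my ($t, $seed) = @_; return md5_hex($t . $seed . $SITE_SECRET) }

# Build "time_start::seed::checksum"; nothing is stored server-side.
sub issue_challenge {
    my ($now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $raw, 16) == 16 or die 'short read from urandom';
    my $seed = unpack 'H*', $raw;    # 32 hex characters
    return join '::', $now, $seed, checksum($now, $seed);
}

# Compare digests without stopping at the first differing character.
sub same_digest {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns 'ok' or the reason the challenge is refused.
sub verify_challenge {
    my ($challenge, $now) = @_;
    # Pin each field's shape so digits cannot move between time and seed.
    my ($t, $seed, $sum) =
        $challenge =~ /\A(\d{10})::([0-9a-f]{32})::([0-9a-f]{32})\z/
        or return 'malformed';
    return 'bad checksum'  unless same_digest($sum, checksum($t, $seed));
    return 'not yet valid' if $t > $now;
    return 'expired'       if $now - $t > $WINDOW;
    return 'ok';
}

# Constructed demo inputs: one issued challenge checked at several times.
my $now = time;
my $c   = issue_challenge($now);
(my $edited = $c) =~ s/\A\d{10}/$now + 60/e;    # time_start changed after issue
printf "%-12s %s\n", $_->[0], verify_challenge($_->[1], $_->[2]) for
    [ 'fresh',       $c,                $now + 10 ],
    [ 'presented 2x', $c,               $now + 20 ],
    [ 'past window', $c,                $now + 301 ],
    [ 'edited time', $edited,           $now + 10 ],
    [ 'truncated',   substr($c, 0, 40), $now ];
```

Because the server keeps no state, the verifier cannot tell a second presentation of a challenge from the first while the window is open, so the window length is the only bound on reuse.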