Apache2::AuthTicket

Cookie based access module

Apache2::AuthTicket Ranking & Summary

  • License: Perl Artistic License
  • Price: FREE
  • Publisher Name: Michael Schout
  • Publisher web site: http://search.cpan.org/~mschout/

Apache2::AuthTicket Description

Apache2::AuthTicket is a Perl module that provides ticket-based access control. The theory behind this is similar to the system described in the eagle book.

This module works using HTTP cookies to check if a user is authorized to view a page. Apache2::AuthCookie is used as the underlying mechanism for managing cookies.

This module was designed to be as extensible as possible. It's quite likely that you will want to create your own subclass of Apache2::AuthTicket in order to customize various aspects of this module (show your own versions of the forms, override database methods, etc.).

This system uses cookies to authenticate users. When a user is authenticated through this system, they are issued a cookie consisting of the time, the username of the user, the expiration time of the cookie, a "secret" version (described later), and a cryptographic signature. The cryptographic signature is generated using the MD5 algorithm on the cookie data and a "secret" key that is read from a database. Each secret key also has a version number associated with it. This allows the site administrator to issue a new secret periodically without invalidating the current valid tickets. For example, the site administrator might periodically insert a new secret key into the database and flush secrets that are more than 2 days old. Since the ticket issued to the user contains the secret version, the authentication process will still allow tickets to be authorized as long as the corresponding secrets exist in the ticket secrets table.

The actual contents and length of secret data is left to the site administrator. A good choice might be to read data from /dev/random, unpack it into a hex string and save that.

This system should be reasonably secure because the IP address of the end user is incorporated into the cryptographic signature. If the ticket were intercepted, then an attacker would have to steal the user's IP address in order to be able to use the ticket. Plus, since the tickets can expire automatically, we can be sure that the ticket is not valid for a long period of time. Finally, by using the Secure mode of Apache2::AuthCookie, the ticket is not passed over unencrypted connections. In order to attack this system, an attacker would have to exploit both the MD5 algorithm as well as SSL. Chances are, by the time the attacker could break both of these, the ticket would no longer be valid.

Requirements:

  • Perl
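The ticket scheme described above (issue time, username, expiry, secret version, and a signature bound to the client IP, with versioned secrets that can be rotated) can be sketched as follows. This is an added example, not code from Apache2::AuthTicket: the `:`-separated cookie layout, the in-memory `SECRETS` table standing in for the database, and the function names are assumptions, and HMAC-SHA-256 is swapped in for the MD5 digest the description mentions.

```python
import hashlib
import hmac
import time

# Constructed stand-in for the ticket secrets table: version -> secret key.
SECRETS = {1: b"constructed-secret-v1", 2: b"constructed-secret-v2"}

def _mac(secret, fields, ip):
    # The client IP is covered by the signature but never stored in the cookie.
    msg = ":".join(fields + [ip]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def issue_ticket(user, ip, lifetime=900, now=None):
    if ":" in user:
        raise ValueError("username must not contain the field separator")
    now = int(time.time() if now is None else now)
    version = max(SECRETS)  # always sign with the newest secret
    fields = [str(now), user, str(now + lifetime), str(version)]
    return ":".join(fields + [_mac(SECRETS[version], fields, ip)])

def verify_ticket(ticket, ip, now=None):
    """Return the username for a valid ticket, otherwise None."""
    now = int(time.time() if now is None else now)
    parts = ticket.split(":")
    if len(parts) != 5:
        return None
    *fields, sig = parts
    _issued, user, expires, version = fields
    if not version.isdecimal() or len(version) > 9:
        return None
    secret = SECRETS.get(int(version))
    if secret is None:
        return None  # secret was flushed, so the ticket can no longer be checked
    expected = _mac(secret, fields, ip)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    # Fields are trusted only after the signature check has passed.
    if now >= int(expires):
        return None
    return user
```

Adding a new entry to `SECRETS` leaves tickets signed under older versions valid; deleting an old version invalidates every ticket that names it, which is the rotation behaviour the description relies on.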

