From: "Tommy Butler"
To: "CGI List"
Cc: "sherzodR"
Subject: RE: [CGI] CGI-Authentication ( tutorial )
Date: Mon, 10 Dec 2001 12:22:18 -0800

: -----Original Message-----
: From: owner-cgi-list@jann.com [mailto:owner-cgi-list@jann.com] On Behalf
: Of sherzodR
: Sent: Saturday, December 08, 2001 1:18 PM
: To: Perl-Cgis mailing list
: Subject: [CGI] CGI-Authentication ( tutorial )
:
:
:
: I was working on an authentication tutorial and I have a rough draft
: available.
:
: http://www.ultracgis.com/articles/cgiauth/index.html
:
: Let's put all the knowledge and experiences together and fill
: this out. Currently I have an overview of "Naive Authentication" method
: and also a small tutorial on "Session Based Active Authentication" method
: ( my favorite ). Any comments and editions are highly appreciated. If you
: wish to add anything, please include your name and contact information
: (preferably email address) to the notes. Thanks :-)
:
: http://www.ultracgis.com/articles/cgiauth/index.html
:
: Thanks

I've developed some session-based user authentication software which uses some really sweet cyclic encryption algos in concert with one another, based on keys --like PGP or RSA which both brought a little to my encryption method. It completely encrypts form field names and values, and encrypts strings with keys, hashed against a multiplicity of variable data, while maintaining individual user agent identities and sessions.

The variable data is cyclically crypted against the systematically variable keys, keys which are methodically shifted through predefined algorithm sets to auto-generate a completely new algorithm (on the fly) during session initiation and subsequent stateful transactions. Variable attributes of the encrypted strings themselves will then determine the re-hashing cycles of the next crypting and decrypting, on both the server side and the client side.

This is accomplished without any kind of IO or database usage to preserve state on the server side, and with no cookies on the client side. Using either POST or GET methods, I can safely implement extremely dense and variable encryption of sensitive data for safe transfer over non-SSL connections and without hacking into other namespaces (like CGI), or even without requiring other modules.

Trouble is, this is all proprietary technology since I created it for my employer. Still, the idea of it all is what I think has some genuine benefits. I think that it could be potentially useful in many different types of implementation.

-Tommy Butler, consultant
Atrixnet, for Internet Business Software
http://atrixnet.com
2200 North Lamar
Suite 307
Dallas, TX 75202

--
Visit the open source Perl archives at Atrixnet
http://www.atrixnet.com/pub/