in reply to Re^4: In a web app, is using ssl, encrypting request data, and validating request data after decryption overkill?
in thread In a web app, is using ssl, encrypting request data, and validating request data after decryption overkill?

You want to add a secret to your token, and then hash that. Send the client the token and the hash result.

When the user returns the token and the hash, you can recalculate the hash and check that it is valid.

This technique is described here: http://www.modperl.com/book/chapters/ch6.html#Cookie_Based_Access_Control

Clint

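The scheme Clint describes, as an added worked example that is not part of the original post or of the mod_perl book chapter he links: the server binds a secret to the token, hashes, and hands the client both the token and the hash; on return it recomputes the hash and rejects anything that does not match. The example is in Python rather than Perl, and uses HMAC-SHA256 from the standard `hmac` module in place of a plain hash over secret-plus-token; the cookie layout (`user:expiry|hash`), the secret key, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret that never leaves the server. In a real
# deployment generate it with os.urandom(32) and load it from configuration.
SECRET_KEY = b"example-server-secret-do-not-reuse"


def make_token(user, ttl_seconds=3600, now=None):
    """Build the token (user name + expiry) and its keyed hash.

    Returns the cookie value the client is sent: "<token>|<hash>".
    """
    if now is None:
        now = int(time.time())
    expiry = int(now) + ttl_seconds
    token = f"{user}:{expiry}"
    digest = hmac.new(SECRET_KEY, token.encode(), hashlib.sha256).hexdigest()
    return f"{token}|{digest}"


def verify_cookie(cookie, now=None):
    """Recalculate the hash over the returned token and compare.

    Returns the user name if the cookie is genuine and unexpired, else None.
    """
    if now is None:
        now = int(time.time())
    token, sep, presented = cookie.rpartition("|")
    if not sep or not token:
        return None
    expected = hmac.new(SECRET_KEY, token.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison, so a mismatch does not leak how many leading
    # bytes of the presented hash were correct.
    if not hmac.compare_digest(expected, presented):
        return None
    user, sep2, expiry = token.rpartition(":")
    if not sep2 or not expiry.isdigit():
        return None
    if int(expiry) < now:
        return None
    return user


if __name__ == "__main__":
    # Constructed sample run with a fixed clock so the output is reproducible.
    cookie = make_token("alice", ttl_seconds=60, now=1_000)
    print(cookie)
    print(verify_cookie(cookie, now=1_030))   # genuine, unexpired -> alice
    # A client that edits the user field but cannot recompute the keyed hash
    # is rejected, because the hash no longer matches the modified token.
    token, _, digest = cookie.rpartition("|")
    forged = "admin:" + token.split(":", 1)[1] + "|" + digest
    print(verify_cookie(forged, now=1_030))   # tampered -> None
    print(verify_cookie(cookie, now=2_000))   # expired -> None
```

The expiry is included inside the hashed token rather than sent as a separate field so that the client cannot extend its own session; anything the server will later trust must be covered by the hash.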