Challenge/Response authentication
Dale Strickland-Clark
dale at riverhall.NOTHANKS.co.uk
Sat Jul 27 07:15:17 EDT 2002
Paul Rubin <phr-n2002b at NOSPAMnightsong.com> wrote:
>I'm still not clear on why you need challenge-response anyway though.
>Suppose the client just puts HMAC(current date/time, secret key) into
>the URL along with the date/time in hex. Then use the HTTP Referer
>header to figure out who the client is (or put that in the URL too)
>and authenticate the URL. By examining the date/time you can reject
>old/stale URL's.
Thanks. I'll chew this over.
I may be back.. :-)
--
Dale Strickland-Clark
Riverhall Systems Ltd
More information about the Python-list
mailing list