A SecureTicket, or Ticket, consists of salt, hash, valid_until, public_flags, flags, data and "invisible" hashed entropy.

Tickets are symmetrically signed using SHA256-HMAC. Fields 'valid_until', 'flags' and 'data' may be optionally encrypted using AES128-CBC or TripleAES128-CBC. Values 'data' and 'entropy' may consist of arbitrary objects which are transparently pickled(serialized), optionally gzipped and of course securely signed.

Specific implementations are included:
FormTicket: provides core implementation of state-less Cross Site Request Forgery protection.

Other use cases include ticketing object param values pointing at URL:s or services in HTML-objects such as Flash or Java Applets. This adds server-side choises to be made while preventing users from using arbitrary values.

Severe testing is done and will be mandatory for core and every specific implementation. Every single bit is flipped and various ticket contents and flag combinations are permutated.

Project Activity

See All Activity >

Categories

Security, Cryptography

Follow tickets

tickets Web Site

Other Useful Business Software
Simple, Secure Domain Registration Icon
Simple, Secure Domain Registration

Get your domain at wholesale price. Cloudflare offers simple, secure registration with no markups, plus free DNS, CDN, and SSL integration.

Register or renew your domain and pay only what we pay. No markups, hidden fees, or surprise add-ons. Choose from over 400 TLDs (.com, .ai, .dev). Every domain is integrated with Cloudflare's industry-leading DNS, CDN, and free SSL to make your site faster and more secure. Simple, secure, at-cost domain registration.
Sign up for free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of tickets!

Additional Project Details

Intended Audience

Developers

Programming Language

Python

Related Categories

Python Security Software, Python Cryptography Software

Registered

2011-12-28
Report inappropriate content