On Wed, Jul 30, 2014 at 10:01:00AM -0700, Daevid Vincent wrote: > We have a service where we have a front end using Wordpress/Magento/custom > PHP code and a distributed backend using various other servers and > services from note.js, magento, mysql, c#, java, ms sqlserver, Apache, > etc. > > The idea is we want to have multiple UIs spread across different > geographies (different USA states, different countries, etc.) either user > selectable or load-balancer assigned [snip] You're probably familiar with the Luhn algorithm, used to validate credit card numbers. It's a relatively simple algorithm that determines whether a given credit card number is valid. (Not all numbers in the 12-16 digit credit card number space represent valid credit card numbers.) I have to wonder if there's a way to generate a token which looks like a hash, but which can be tested for certain characteristics to determine if it's valid for the purposes of determining if someone's logged in, without having to go all the way back to the login server's database. The hash itself might contain a component which limited its lifetime. It's just an idea. This is definitely way out of my zone of expertise. I leave encryption, hashing, etc. to people who know a lot more about it than I do. Only problem might be someone replicating a known good token. Paul -- Paul M. Foster http://noferblatz.com http://quillandmouse.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
