tickets

A SecureTicket, or Ticket, consists of salt, hash, valid_until, public_flags, flags, data and "invisible" hashed entropy.

Tickets are symmetrically signed using SHA256-HMAC. Fields 'valid_until', 'flags' and 'data' may be optionally encrypted using AES128-CBC or TripleAES128-CBC. Values 'data' and 'entropy' may consist of arbitrary objects which are transparently pickled(serialized), optionally gzipped and of course securely signed.

Specific implementations are included:
FormTicket: provides core implementation of state-less Cross Site Request Forgery protection.

Other use cases include ticketing object param values pointing at URL:s or services in HTML-objects such as Flash or Java Applets. This adds server-side choises to be made while preventing users from using arbitrary values.

Severe testing is done and will be mandatory for core and every specific implementation. Every single bit is flipped and various ticket contents and flag combinations are permutated.

Project Activity

See All Activity >

Follow tickets

tickets Web Site

Other Useful Business Software

MongoDB Atlas runs apps anywhere

Deploy in 115+ regions with the modern database for every enterprise.

MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.

Start Free

Rate This Project

User Reviews

Be the first to post a review of tickets!

Additional Project Details

Intended Audience

Developers

Programming Language

Python

Related Categories

Python Security Software, Python Cryptography Software

Registered

2011-12-28

Similar Business Software

Proton Pass

Proton Pass is an open-source password manager based in Switzerland that encrypts your usernames, passwords, bank cards, and encrypted notes and lets users quickly autofill details across all devices and browsers. Proton Pass goes beyond keeping your password safe, it secures your online...

See Software
Proton VPN

Protect your business against damaging data breaches and easily comply with security frameworks like ISO 27001, GDPR, and HIPAA. Our software-only virtual private network easily integrates with your existing infrastructure to provide a flexible and scalable way to protect your...

See Software
Google Cloud Platform

Google Cloud is a cloud-based service that allows you to create anything from simple websites to complex applications for businesses of all sizes. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage...

See Software
Proton Mail

Proton Mail is the simplest way to protect your communications with built-in end-to-end encryption. Prevent data breaches, stay compliant with regulations like GDPR and HIPAA, and earn client trust. Protected by Swiss privacy laws and trusted by over 50,000 businesses, Proton Mail keeps your...

See Software
New Relic

There are an estimated 25 million engineers in the world across dozens of distinct functions. As every company becomes a software company, engineers are using New Relic to gather real-time insights and trending data about the performance of their software so they can be more resilient and...

See Software
Atera

Atera, the first and only Agentic AI platform for IT management, offers IT teams and MSPs a digital workforce of AI agents to preemptively and autonomously manage their entire IT operations. Its all-in-one platform combines RMM, helpdesk, ticketing, and automation to reduce downtime, improve...

See Software