USGS - science for a changing world

Techniques and Methods 7–B1

Published 2008
Online Only

Chapter 1 of
Book 7, Automated Data Processing and Computations
Section B, Web Applications

Secure Web-Site Access with Tickets and Message-Dependent Digests

Eastern Geographic Science Center

By David I. Donato

Abstract

Although there are various methods for restricting access to documents stored on a World Wide Web (WWW) site (a Web site), none of the widely used methods is completely suitable for restricting access to Web applications hosted on an otherwise publicly accessible Web site. A new technique, however, provides a mix of features well suited for restricting Web-site or Web-application access to authorized users, including the following: secure user authentication, tamper-resistant sessions, simple access to user state variables by server-side applications, and clean session terminations. This technique, called message-dependent digests with tickets, or MDDT, maintains secure user sessions by passing single-use nonces (tickets) and message-dependent digests of user credentials back and forth between client and server. Appendix 2 provides a working implementation of MDDT with PHP server-side code and JavaScript client-side code.


Suggested citation:

Donato, D.I., 2008, Secure Web-site access with tickets and message-dependent digests: U.S. Geological Survey Techniques and Methods, book 7, chap. B1, 53 p., available online only at https://pubs.usgs.gov/tm/tm7b1/.


This report is available online in Portable Document Format (PDF).

Download the report (PDF, 959 KB)

Persistent URL: https://pubs.usgs.gov/tm/tm7b1/
Page Contact Information: Publishing Service Center
Page Last Modified: Friday, 02-Dec-2016 15:48:33 EST