NAME
Data::Token - Generate an unpredictable unique token
VERSION
This document describes Data::Token version 0.0.3
SYNOPSIS
use Data::Token;
print token;
DESCRIPTION
This library exports a single method 'token' which can be used to generate a unique and unpredictable token.
INTERFACE
token
Return a unique token.
DATA
The data returned may change over time, but will be limited to the characters A-Z, a-z, 0-9, _ and -, with a maximum length of 256 characters (currently it is much shorter).
It is safe to put in a URL (note: length may become an issue in the future); to insert into a database (although you should always use BIND columns); to use as an attribute or text section of XML (also HTML) (but not as a tag name); to store as a filename on disk; or to use as a key/value in a hash, etc.
SECURITY
These tokens are hard to guess. That does not mean there are no overlaps. Using a hashing system such as MD5 or SHA-1 still leaves the possibility of overlap. MD5 is a problem in signatures against large documents because you can change parts of the document without changing the meaning. But this system only uses MD5 to hide the secret and add unpredictability. So on MD5 versus SHA-1, the jury is out.
Duplicates
You should check for duplicates in your local store before returning. Duplicates are extremely unlikely, but better safe than sorry.
Brute force attack
Although the numbers are unpredictable, there are always brute force attacks. These need to be guarded against. A system should increase the time delay on requests as the attack increases. If you are using Apache this can be done with other modules, or integrated into your solution.
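The duplicate check and the increasing delay described in the two subsections above, as an added example that is not part of Data::Token or its original documentation. The in-memory hashes, helper names, client identifiers, retry limit and delay cap are assumptions chosen for illustration.

```perl
use strict;
use warnings;
use List::Util qw(min);
use Data::Token;    # exports token(), as shown in the SYNOPSIS

# Constructed in-memory stand-ins for a real store (assumptions):
my %store;       # token => payload; a database would use a UNIQUE column
my %failures;    # client id => count of consecutive failed lookups

# Alphabet and maximum length as documented under DATA.
sub is_wellformed {
    my ($candidate) = @_;
    return defined $candidate && $candidate =~ /\A[A-Za-z0-9_-]{1,256}\z/;
}

# Issue a token, retrying if it already exists in the local store.
sub issue_token {
    my ($payload) = @_;
    for my $attempt (1 .. 5) {
        my $t = token();
        die "unexpected token format\n" unless is_wellformed($t);
        next if exists $store{$t};    # duplicate: generate another
        $store{$t} = $payload;
        return $t;
    }
    die "no unique token after 5 attempts\n";
}

# Seconds a client must wait before its next lookup: doubles with each
# consecutive failure, capped at 60 (both values are arbitrary choices).
sub delay_for {
    my ($client) = @_;
    my $n = $failures{$client} // 0;
    return $n ? min(2 ** ($n - 1), 60) : 0;
}

# Look up a token from an untrusted source, counting failed guesses.
sub lookup_token {
    my ($client, $candidate) = @_;
    if (is_wellformed($candidate) && exists $store{$candidate}) {
        delete $failures{$client};
        return $store{$candidate};
    }
    $failures{$client}++;
    return;
}

my $t = issue_token({ user => 'example' });
lookup_token('10.0.0.9', "guess$_") for 1 .. 4;    # constructed bad guesses
printf "delay after 4 failures: %ds\n", delay_for('10.0.0.9');
print "valid lookup ok\n" if lookup_token('10.0.0.7', $t);
```

The caller is expected to enforce the value from delay_for (sleep or reject) before calling lookup_token. With a shared database, rely on the unique constraint and retry on insert failure rather than on a separate check, so concurrent writers cannot both pass it.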
INTEGRATION
This module is written to replace embedded modules in applications such as CGI::Session, but also for non-standard modules you have to write yourself (e.g. Creating a unique URL for returning private data).
DIAGNOSTICS
XXX
Error message here, perhaps with %s placeholders
Another error message here
CONFIGURATION AND ENVIRONMENT
Data::Token requires no configuration files or environment variables.
DEPENDENCIES
Uses Data::UUID to create the initial unique number and md5 to generate the unpredictability.
XXX Possibly SHA1 and Crypt::Random
INCOMPATIBILITIES
None reported.
BUGS AND LIMITATIONS
No bugs have been reported.
Please report any bugs or feature requests to bug-data-token@rt.cpan.org, or through the web interface at http://rt.cpan.org.
AUTHOR
Scott Penrose <scott@cpan.org>
LICENCE AND COPYRIGHT
Copyright (c) 2008, Scott Penrose <scott@cpan.org>. All rights reserved.
This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic.
DISCLAIMER OF WARRANTY
BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.