NYPHP.org

self-expiring pages

Bill Lovett bill at ilovett.com
Mon Mar 10 20:41:37 EST 2003



I have an idea for an application that I'd like to get some feedback on.
Let's say you need to keep track of user login information for several
client servers. Security is obviously a concern. In my case, I need a
way to safely provide this information to both technical and faintly
technical staff.

I started thinking about how some mailing list managers work, where you
state what you want to do, and then get a confirmation email with a link
or special reply address that must be received by the server in order
for your request to be processed. 

With that in mind, I'm wondering how I could set up a random link
generator that would issue URLs that are only valid for n minutes, but
with querystrings that aren't obvious. If I had that piece of the
puzzle, I could add additional security by restricting the addresses that
could receive such links and by storing the passwords in MySQL with heavy
user restrictions. So the full process would be:

- send an email to a special account
- email is received by a script which generates a time-sensitive link
- user clicks on link and gets the info they need (over SSL) or gets a
  "sorry, too late" message

Has anyone ever done anything like this? Better still, can anyone see a
way to squeeze PGP into the picture?

-bill
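
One way to build the link generator asked about above, as an added example that is not part of the original post: a random token from PHP's CSPRNG is stored only as a SHA-256 hash with an expiry and a used flag, and is redeemed at most once. The allowlist, TTL, URL, table layout and function names are assumptions, and in-memory SQLite stands in for MySQL.

```php
<?php
declare(strict_types=1);
// Constructed values for illustration: allowlist, TTL, base URL.
const ALLOWED_SENDERS = ['alice@example.com', 'bob@example.com'];
const LINK_TTL_SECONDS = 600; // the "n minutes" from the post, here 10

function open_store(): PDO {
    // In-memory SQLite stands in for the MySQL table mentioned in the post.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE links (token_hash TEXT PRIMARY KEY, recipient TEXT,
               expires_at INTEGER, used INTEGER DEFAULT 0)');
    return $db;
}

// Step 2: called by the script that receives the request e-mail.
function issue_link(PDO $db, string $sender, int $now): ?string {
    if (!in_array(strtolower($sender), ALLOWED_SENDERS, true)) {
        return null; // sender not on the allowlist: issue nothing
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only a hash, so a leaked table does not yield usable links.
    $stmt = $db->prepare('INSERT INTO links (token_hash, recipient, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), strtolower($sender), $now + LINK_TTL_SECONDS]);
    return 'https://intranet.example.com/reveal.php?t=' . $token;
}

// Step 3: called when the link is clicked. True at most once per token.
function redeem_token(PDO $db, string $token, int $now): bool {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // malformed token, never touches the database
    }
    // One atomic UPDATE checks expiry and marks the token used.
    $stmt = $db->prepare('UPDATE links SET used = 1
                          WHERE token_hash = ? AND used = 0 AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), $now]);
    return $stmt->rowCount() === 1;
}

$db = open_store();
$now = time();
$url = issue_link($db, 'alice@example.com', $now);
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
var_dump(redeem_token($db, $query['t'], $now + 60));    // within the window
var_dump(redeem_token($db, $query['t'], $now + 120));   // replay of a used link
$late = issue_link($db, 'bob@example.com', $now);
parse_str((string) parse_url($late, PHP_URL_QUERY), $query);
var_dump(redeem_token($db, $query['t'], $now + 601));   // "sorry, too late"
var_dump(issue_link($db, 'mallory@example.com', $now)); // not allowlisted
```

Mail the link to the stored allowlisted address rather than replying to whatever the From header says, since that header is not authenticated.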



