Using crypto to replace database access. posted February 2015

A pretty fresh article on how you could use crypto to replace a lot of complicated schemes you might use on your website like password reset or mail confirmation:

https://neosmart.net/blog/2015/using-hmac-signatures-to-avoid-database-writes/

tl;dr: instead of creating a table for tokens, you could create the password reset url like this:

http://www.example.com/password_reset/?user=username&expires=15649848949849&[email protected]&token=

and at the place of the token you would put the output of a MAC. Checking the MAC again after receiving the url would confirm that YOU created that url and it has not been modified. Remember, MAC provides integrity and authentication. The author also provides a way to only render this usable once: use the original hashed password as a nonce.