mod_auth_cookie_dbmmod_auth_cookie_dbm is a session authentication/expiration using (cryptographically strong) cookies. | |
Download |
mod_auth_cookie_dbm Ranking & Summary
Advertisement
- License:
- BSD License
- Price:
- FREE
- Publisher Name:
- Magnus Backstrom Ringman
- Publisher web site:
- http://www.medic.chalmers.se/~b/mod_auth_cookie_dbm/
mod_auth_cookie_dbm Tags
mod_auth_cookie_dbm Description
mod_auth_cookie_dbm is a session authentication/expiration using (cryptographically strong) cookies. mod_auth_cookie_dbm is a session authentication/expiration using (cryptographically strong) cookies. Cookie-to-username mapping with DBM database.It was devised as a better replacement for the "Basic" authentication components that ship with Apache.Classic "Basic" authentication has some downsides:- Username and password are shipped across the net with every request.- There is no concept of a "session" (nor encores, such as timeouts and automatic logout)This module1. checks requests for a cookie, named in the CookieDBMAuthCookieName configuration directive.2. If found, the cookie value is looked up in a DBM database, named in the CookieDBMAuthFile directive.If the lookup fails, a redirect is made to a page specified in the CookieDBMAuthFailureURL directive.3. The DBM entry is expected to contain a username and optionally an expiry time. Fields are colon-separated, the expiry time is a spelled-out integer (the field gets passed to strtol()) representing the time_tIf valid, the username is taped onto the request, thus "emulating" Basic authentication.If expired, redirect to the CookieDBMAuthFailureURL.The CookieDBMAuthFailureURL typically points at a "login page" CGI script. This program, after checking the user's credentials, should make up a cookie value (preferably a long, cryptographically strong random string), enter it in the dbm file, and pass it to the browser. It might also update an AuthUserFile or AuthDBMUserFile database on the fly.Acknowledgements:This module was written from scratch, with some inspiration from the mod_auth_cookie_mysql and mod_auth_cookie_pgsql2 modules.Requirements:· Apache 2.xWhat's New in This Release:· Repair the Repair. (fix a missed null termination -- serious.)
mod_auth_cookie_dbm Related Software