mod_auth_cookie_dbm 1.0.2 review
Downloadmod_auth_cookie_dbm is a session authentication/expiration using (cryptographically strong) cookies
|
|
mod_auth_cookie_dbm is a session authentication/expiration using (cryptographically strong) cookies. Cookie-to-username mapping with DBM database.
It was devised as a better replacement for the "Basic" authentication components that ship with Apache.
Classic "Basic" authentication has some downsides:
- Username and password are shipped across the net with every request.
- There is no concept of a "session" (nor encores, such as timeouts and automatic logout)
This module
1. checks requests for a cookie, named in the CookieDBMAuthCookieName configuration directive.
2. If found, the cookie value is looked up in a DBM database, named in the CookieDBMAuthFile directive.
If the lookup fails, a redirect is made to a page specified in the CookieDBMAuthFailureURL directive.
3. The DBM entry is expected to contain a username and optionally an expiry time. Fields are colon-separated, the expiry time is a spelled-out integer (the field gets passed to strtol()) representing the time_t
If valid, the username is taped onto the request, thus "emulating" Basic authentication.
If expired, redirect to the CookieDBMAuthFailureURL.
The CookieDBMAuthFailureURL typically points at a "login page" CGI script. This program, after checking the user's credentials, should make up a cookie value (preferably a long, cryptographically strong random string), enter it in the dbm file, and pass it to the browser. It might also update an AuthUserFile or AuthDBMUserFile database on the fly.
Acknowledgements:
This module was written from scratch, with some inspiration from the mod_auth_cookie_mysql and mod_auth_cookie_pgsql2 modules.
Requirements:
Apache 2.x
What's New in This Release:
Repair the Repair. (fix a missed null termination -- serious.)
mod_auth_cookie_dbm 1.0.2 search tags