A new password authentication method is proposed for the purpose of providing individual Web page authors with convenience in deploying password-protected Web realms at a shared Web server, on which individual authors may not have permission to run their own server-side programs for password verification. According to this method, a Web realm is mapped to a secret directory at the Web server, in which access-controlled Web pages are stored. A password is used to construct the name of the secret directory. A small piece of JavaScript code is embedded in a sign-in Web page outside the secret directory, which converts the user-entered password into the directory name and forms a complete URL, pointing to an access-controlled Web page inside the secret directory. Thus, only users knowing the password can compose a valid URL and retrieve the access-controlled Web page. Using this method, Web page authors can deploy password-protected Web realms in a server-independent manner. Two implementations are given to demonstrate how to apply this method under different application requirements.
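The sign-in flow described above, as an added example that is not code from the paper: it assumes the password-to-directory conversion is SHA-256 over a realm name and the password (the abstract does not name the conversion), and every identifier in it (`secretDirName`, `signInUrl`, `deployRealm`, `fetchStatus`, the host `shared.example`) is hypothetical. It uses Node's `crypto` module so it runs offline, with the static server modelled as a set of published URLs; in a browser the digest would come from `crypto.subtle.digest`.

```javascript
const { createHash } = require('node:crypto');

// Assumption: directory name = hex SHA-256 of "realm:password".
// The sign-in page ships only this function, never the password or the name.
function secretDirName(realm, password) {
  return createHash('sha256').update(`${realm}:${password}`, 'utf8').digest('hex');
}

// Sign-in page logic: turn the typed password into the URL of a protected page.
// baseUrl must end in "/" so the secret directory is appended, not substituted.
function signInUrl(baseUrl, realm, password, page) {
  const dir = secretDirName(realm, password);
  return new URL(`${dir}/${encodeURIComponent(page)}`, baseUrl).href;
}

// Author side (constructed): the set of static files uploaded to the shared server.
// The sign-in page lives outside the secret directory; protected pages live inside it.
function deployRealm(baseUrl, realm, password, pages) {
  const published = new Set([new URL('signin.html', baseUrl).href]);
  for (const page of pages) {
    published.add(signInUrl(baseUrl, realm, password, page));
  }
  return published;
}

// Stand-in for the static server: 200 if the exact URL exists, otherwise 404.
// Assumes directory listing is disabled, so directory names cannot be enumerated.
function fetchStatus(published, url) {
  return published.has(url) ? 200 : 404;
}

// Constructed scenario: one realm, one correct and one incorrect password attempt.
function demo() {
  const base = 'https://shared.example/~author/';
  const site = deployRealm(base, 'members', 'correct horse', ['index.html']);
  return ['correct horse', 'wrong guess'].map(
    (pw) => fetchStatus(site, signInUrl(base, 'members', pw, 'index.html')));
}

console.log(demo()); // [ 200, 404 ]
```

Because the directory name is the only credential, the realm stays protected only while that name remains unlisted and the resulting URL is not disclosed.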