How can I produce a custom authentication module for Apache httpd?
Posted on 2007-11-16
I need a custom authentication module for Apache that will put up a customized authentication dialogue. The existing authentication modules cause the browser to pop up a username/password dialogue, which is fine for what it is intended to do, but I would like to do something that only asks for a password, and does so as part of a page that is big enough to provide a paragraph of documentation and a link to more detailed documentation.
At present, I'm faking it with
DirectoryIndex index.html index.php
in my apache config, so that index.html has priority over index.php., and I have written an index.html which contains an html form that invokes a PHP action routine which verifies the password and then invokes the web app (named index.php) if the password is OK. Below the form I have a link to the user manual for the web app.
This looks nice, as I used Dreamweaver to surround the the form with some nice eye candy, but the security level is not very good. Anybody who can find out or guess the name of the subdirectory in which the web app lives can invoke it.
How can I produce (or find) an authentication module that will put up the same screen?