A server-independent password authentication method for access-controlled Web pages

A new password authentication method is proposed for the purpose of providing individual Web page authors with convenience in deploying password-protected Web realms at a shared Web server, on which individual authors may not have permission to run their own server-side programs for password verification. According to this method, a Web realm is mapped to a secret directory at the Web server, in which access-controlled Web pages are stored. A password is used to construct the name of the secret directory. A small piece of JavaScript code is embedded in a sign-in Web page outside the secret directory, which converts the user-entered password into the directory name and forms a complete URL, pointing to an access-controlled Web page inside the secret directory. Thus, only users knowing the password can compose a valid URL and retrieve the access-controlled Web page. Using this method, Web page authors can deploy password-protected Web realms in a server-independent manner. Two implementations are given to demonstrate how to apply this method under different application requirements