345 users online (0 members and 345 guests)  

  Results 1 to 2 of 2


  1. password protection    Forum: Javascript Forum
    Replies: 2
  2. password protection    Forum: Databases
    Replies: 7
  3. Replies: 1
  4. password protection?    Forum: HTML Forum
    Replies: 9
  5. Password Protection    Forum: Javascript Forum
    Replies: 3
  1. #1
    jackie's Avatar
    New User

    Join Date
    Nov 2006

    password protection help needed please

    I'm pretty new to javascript, so maybe this is a silly question.... Part of my website is accessible only to members. So I set up a javascript based password to enter those pages. Then I discovered that any user can walk write in if he disables javascript. Therefore I created an additional step involving an onclick button with a password to get into the page which then has the javascript password protection (same password for both to make it easier on users). This fixes one problem: if the user disables javascript, the onclick button doesn't work and the source code for that page doesn't have the name of the page that the button links to. I was pretty pleased with myself until I realized that in the source code the .js filename appears. So anyone can call up that file from my directory and find the password for the onclick button. They can enable javascript, click the button, enter the password they found, and then disable javascript to get past the javascript password protection on the next page. Grrr. I hope the above kind of makes sense. Is there anything I can do to password protect the .js file in my directory or make it impossible for people to call it up? The source code for the onclick button page tells pretty clearly which directory the .js file is in. Can this be avoided? I've heard that CGI scripts are better for password protection, but my provider won't allow me to use them. Any help would be very much appreciated!

  2. #2
    ALL's Avatar
    Super Dooper Nerd

    Join Date
    Feb 2005

    Re: password protection help needed please

    you should NEVER EVER use javascript as a password protection system, because all i would have to do is read the password right out of the js file or code.

    You should always use a server side language such as PHP, CGI, JSP, CFM, ASP, exc... They are simple to make and 500% more secure.

    If you cannot use a server side language i seggest you switch hosts. (not to advertise, but i recently started hosting sites). What you can do is:

    Make the landing page (ie: index.* or default.*) a login page, from there have a password box, then in the <form> tag have onsubmit="yourfunction()". In your function have it read the password out of the password box, and navigate to the password page with an extension on it...

    for example: if the password was "ALL_IS_AWESOME" , have a page called: ALL_IS_AWESOME.html or something on the site, then from there have it redirect to the real home page.

    you could also have it load a js file, but that would be much more work.


Tags for this Thread