/    Sign up×
Community /Pin to ProfileBookmark

Site Password Protection

Copy linkTweet thisAlerts:
Dec 27.2002

I am trying to password protect my whole site (multiple pages) for multiple users. I have used the free javascript provided, but if I type one of the addresses into my browser I can access the pages without the password. Does anybody know how to password protect so none of my pages can be accessed without a password??? Thanks!!

to post a comment
JavaScript

7 Comments(s)

Copy linkTweet thisAlerts:
@UnRealKreationzDec 27.2002 — Try signing up to http://www.hostedscripts.com/ They have a really good Password Protection thing. You can add as many users as you want. (I think) So far it worked pretty good for me.
Copy linkTweet thisAlerts:
@Beach_BumDec 29.2002 — you cannot do what you want with a simple scripting language. see if your service provider offers to host on an SSL server, if you really want security. through SSL you can force passwords and encryption. that is what the banks and other secure sites use.

as noted above you can also find folks to host a page for you if you go through their service. but then you never really know what they are doing with your page or how secure it really is.
Copy linkTweet thisAlerts:
@Zach_ElfersDec 29.2002 — You can do:

if (document.referers != "login-page.html") {

self.location.href = "login-page.html";

}

I heard that this only works in Netscape 4.x
Copy linkTweet thisAlerts:
@Beach_BumDec 29.2002 — 
if (document.referers != "login-page.html") {

self.location.href = "login-page.html";

}
[/QUOTE]

there is no real security in that. 1) it only works with some browsers and only if javascript is enabled (which can always be turned off), and 2) the page is already in cache so even if you redirect I can still go get it.
Copy linkTweet thisAlerts:
@sinhartDec 29.2002 — I am working on a simular problem where I have a members only area.

The solution I am working on, (without much success yet), is to set a cookie on the initial password page which carries the password, or in your case the username and password. Then on other protected pages simply check for the cookie(s) and process.

If you come up with a solution please let me know. I'll do likewise.

Thanks,

[email][email protected][/email]
Copy linkTweet thisAlerts:
@Jay5Jan 04.2003 — I'm getting that the disable JavaScript option in the browser pretty much puts a limit to what JavaScript can do, but..

If the Javascript "checking logic" were in an external js file does that offer any level of security?
Copy linkTweet thisAlerts:
@Beach_BumJan 13.2003 — the js file is also already downloaded to the user machine.

if you really want security, reread my first post. if you want to make it a little harder so many people will not bother with it - use some of the tricks discussed. but do noit confuse them with real security.
×

Success!

Help @katkueen spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 6.18,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @nearjob,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,
)...