Solved

HTML Password

Posted on 1997-05-05
18
212 Views
Last Modified: 2007-05-16
I'm looking for a way to require a password to enter a web site.  The same password can be used by everybody.  It does not have to be very secure, just enough to keep out the curious.  I would prefer something in HTML that doesn't requre any server intervention, and something that works with both Netscape and IE.
0
Comment
Question by:fovl
  • 3
  • 3
  • 2
  • +9
18 Comments
 
LVL 3

Expert Comment

by:pc012197
ID: 1836210
Hm... you could use a java applet with a hardcoded password. But that would keep out only curious idiots, not a a curious but determined person...
Or don't CGI-scripts count as 'server intervention'?

0
 

Expert Comment

by:nodas
ID: 1836211
Microsoft's Front Page do this with a very simple way
You can give permissions for the Root web or for its children webs. Every user with his own password ...
0
 
LVL 3

Expert Comment

by:garik
ID: 1836216
Descent security can be achieved through encrypted URLs. F.ex.,
use encrypted password as directory name - as long as directory
listing is prohibited (appropriate index.html or whatever your
server requires), it works like basic HTTP authentication, only
instead of 401's "curious" ones will get 404's.
Encryption can be done in JavaScript - I've TEA cipher written
in JavaScript and complete code of access control page - works
with both Netscape and IE - available just for asking :)


0
 

Expert Comment

by:bigbison
ID: 1836217
I agreed with garik and jshamlin there is 2 solutions: dynamic documents ( javascript, vbscript, etc ) or server side mechanism.

Some people still forget the point: HTML is a "presentation" language not a programming language.


0
 
LVL 1

Expert Comment

by:115lee
ID: 1836218
I would only suggest the use of CGI script,

Its secure (in a sence), and fast and the easiest.

It is possible with Javascript.
I can currently think of one way to do it.

If you write it into Javascript, meaning in your HTML page,
common users may be able to view document source and find out the password, from the script.

So finally to say, CGI is the most advisable.
0
 

Expert Comment

by:joesixpack
ID: 1836219
If you are wise and turn over to the server: with Apache the use of authentication is really very simple by using a .htaccess file with associated passwd (and group) file.
0
 

Expert Comment

by:deeto
ID: 1836220
If the JavaScript were to, let's say, close the browser if the wrong password is entered, Wouldn't that stop viewing of the source?  The opportunity would not be present onload because the password screen would come up right away.  If the wrong one's entered, it's gone, leaving no viewing time!
0
 

Expert Comment

by:poke
ID: 1836221
Yes, I agree with joesixpack, an .htaccess file is the best way to go. If you have the server working for you, then it decides whether or not to serve the page. Assuming you are using APACHE, it is a top notch web server that you will do well by. The .htaccess file is trivial to make, if you have questions, you can refer them to your site administrator.
0
 
LVL 3

Expert Comment

by:pc012197
ID: 1836222
deeto: that wont work. What if someone disables JavaScript, downloads the page and selects 'view source'? :-)

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Expert Comment

by:deeto
ID: 1836223
You're right.  My bad!
0
 
LVL 1

Accepted Solution

by:
ed@learnx.com earned 100 total points
ID: 1836224
This answer seems to have gotten out of hand. Fovl clearly wants to go client side, and clearly doen't care that much about security. The simple answer is JavaScript, where you have the the password equal the name of the file to be loaded (e.g., password is enter and main page is enter.html), when the password is entered, you "pass" it along to document.location and get to the appropriate page. The password is never in the code, the only way you can get in is if you happen upon the name, or if you get a directory listing . . . easy enough.

fovl, if you need the actual code, email me.
0
 
LVL 3

Expert Comment

by:garik
ID: 1836225
Good summary, ed :)

0
 

Author Comment

by:fovl
ID: 1836226
At last it looks like somebody read my original post.  Thanks for the straight forward answer.


0
 

Expert Comment

by:osmon
ID: 1836227
Hey, check this web site:
http://www.geocities.com/~osawashdc/member.htm

This was created (by me) with a JavaScript and as you can see nobody is able to see (jack) my password.

If you would like to know how to do that I would be more than happy to help you.

monge@bigfoot.com
0
 
LVL 5

Assisted Solution

by:Christian_Wenz
Christian_Wenz earned 100 total points
ID: 1836212
Ever considered .htaccess? Easy to implement, very secure.

A direct HTML way does not exist, but you can use JavaScript  (user enters "password"; is then directed to "password".htm or something like that.

Third alternative: a hidden link on your page, but that's VERY insecure

For each of these methods I'll give you a detailled instruction - but please choose one first! :-)
0
 
LVL 3

Expert Comment

by:garik
ID: 1836213
Use part of URL as a password, f.ex. password "secret" could give your users access to http://www.your.com/secret.html or to the whole directory http://www.your.com/secret/files.html
Proper URL can be formed using JavaScript and will work in both NS and IE.
As long as directory listing is either prohibited or is covered by the proper index.html or whatever your Web server requires, this solution is as secure as the basic authentication mentioned in Christian's answer.
Let me know if you need more details.
0
 
LVL 5

Expert Comment

by:Christian_Wenz
ID: 1836214
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0
 
LVL 5

Expert Comment

by:Christian_Wenz
ID: 1836215
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Showing your events from Google Calendar in Google Maps Why? I travel all week and I thought it would be ideal if staff in office knew where I was based on my calendar. (OK real reason: my son wanted to see where I would be working, and I thoug…
In this Micro Tutorial viewers will learn how to create navigation buttons that change on rollover, using CSS (Continuation of the CSS Image Sprite tutorial) Create a parent ID for all the list items       - Specify position: absolute and display: block…
In this tutorial viewers will learn how to style transparent/translucent elements using alpha transparency in CSS Start with a normal styled element, such as a div.: Define its "background-color" property as "rgba (255, 255, 255, .5): The numbers in…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now