Solved

HTML Password

Posted on 1997-05-05
18
211 Views
Last Modified: 2007-05-16
I'm looking for a way to require a password to enter a web site.  The same password can be used by everybody.  It does not have to be very secure, just enough to keep out the curious.  I would prefer something in HTML that doesn't requre any server intervention, and something that works with both Netscape and IE.
0
Comment
Question by:fovl
  • 3
  • 3
  • 2
  • +9
18 Comments
 
LVL 3

Expert Comment

by:pc012197
ID: 1836210
Hm... you could use a java applet with a hardcoded password. But that would keep out only curious idiots, not a a curious but determined person...
Or don't CGI-scripts count as 'server intervention'?

0
 

Expert Comment

by:nodas
ID: 1836211
Microsoft's Front Page do this with a very simple way
You can give permissions for the Root web or for its children webs. Every user with his own password ...
0
 
LVL 3

Expert Comment

by:garik
ID: 1836216
Descent security can be achieved through encrypted URLs. F.ex.,
use encrypted password as directory name - as long as directory
listing is prohibited (appropriate index.html or whatever your
server requires), it works like basic HTTP authentication, only
instead of 401's "curious" ones will get 404's.
Encryption can be done in JavaScript - I've TEA cipher written
in JavaScript and complete code of access control page - works
with both Netscape and IE - available just for asking :)


0
 

Expert Comment

by:bigbison
ID: 1836217
I agreed with garik and jshamlin there is 2 solutions: dynamic documents ( javascript, vbscript, etc ) or server side mechanism.

Some people still forget the point: HTML is a "presentation" language not a programming language.


0
 
LVL 1

Expert Comment

by:115lee
ID: 1836218
I would only suggest the use of CGI script,

Its secure (in a sence), and fast and the easiest.

It is possible with Javascript.
I can currently think of one way to do it.

If you write it into Javascript, meaning in your HTML page,
common users may be able to view document source and find out the password, from the script.

So finally to say, CGI is the most advisable.
0
 

Expert Comment

by:joesixpack
ID: 1836219
If you are wise and turn over to the server: with Apache the use of authentication is really very simple by using a .htaccess file with associated passwd (and group) file.
0
 

Expert Comment

by:deeto
ID: 1836220
If the JavaScript were to, let's say, close the browser if the wrong password is entered, Wouldn't that stop viewing of the source?  The opportunity would not be present onload because the password screen would come up right away.  If the wrong one's entered, it's gone, leaving no viewing time!
0
 

Expert Comment

by:poke
ID: 1836221
Yes, I agree with joesixpack, an .htaccess file is the best way to go. If you have the server working for you, then it decides whether or not to serve the page. Assuming you are using APACHE, it is a top notch web server that you will do well by. The .htaccess file is trivial to make, if you have questions, you can refer them to your site administrator.
0
 
LVL 3

Expert Comment

by:pc012197
ID: 1836222
deeto: that wont work. What if someone disables JavaScript, downloads the page and selects 'view source'? :-)

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Expert Comment

by:deeto
ID: 1836223
You're right.  My bad!
0
 
LVL 1

Accepted Solution

by:
ed@learnx.com earned 100 total points
ID: 1836224
This answer seems to have gotten out of hand. Fovl clearly wants to go client side, and clearly doen't care that much about security. The simple answer is JavaScript, where you have the the password equal the name of the file to be loaded (e.g., password is enter and main page is enter.html), when the password is entered, you "pass" it along to document.location and get to the appropriate page. The password is never in the code, the only way you can get in is if you happen upon the name, or if you get a directory listing . . . easy enough.

fovl, if you need the actual code, email me.
0
 
LVL 3

Expert Comment

by:garik
ID: 1836225
Good summary, ed :)

0
 

Author Comment

by:fovl
ID: 1836226
At last it looks like somebody read my original post.  Thanks for the straight forward answer.


0
 

Expert Comment

by:osmon
ID: 1836227
Hey, check this web site:
http://www.geocities.com/~osawashdc/member.htm

This was created (by me) with a JavaScript and as you can see nobody is able to see (jack) my password.

If you would like to know how to do that I would be more than happy to help you.

monge@bigfoot.com
0
 
LVL 5

Assisted Solution

by:Christian_Wenz
Christian_Wenz earned 100 total points
ID: 1836212
Ever considered .htaccess? Easy to implement, very secure.

A direct HTML way does not exist, but you can use JavaScript  (user enters "password"; is then directed to "password".htm or something like that.

Third alternative: a hidden link on your page, but that's VERY insecure

For each of these methods I'll give you a detailled instruction - but please choose one first! :-)
0
 
LVL 3

Expert Comment

by:garik
ID: 1836213
Use part of URL as a password, f.ex. password "secret" could give your users access to http://www.your.com/secret.html or to the whole directory http://www.your.com/secret/files.html
Proper URL can be formed using JavaScript and will work in both NS and IE.
As long as directory listing is either prohibited or is covered by the proper index.html or whatever your Web server requires, this solution is as secure as the basic authentication mentioned in Christian's answer.
Let me know if you need more details.
0
 
LVL 5

Expert Comment

by:Christian_Wenz
ID: 1836214
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0
 
LVL 5

Expert Comment

by:Christian_Wenz
ID: 1836215
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
updateParent() HTML Javascript 21 62
Login area of a page 4 20
Change month dropdown 5 17
Create html table using xsl 8 12
Introduction The Google Maps API offers various ways to draw dynamic and static maps.  Using a combination of PHP and JavaScript, you can draw active JavaScript maps that allow pan-and-zoom in the client browser window.  You can also draw "static" …
This article describes how to create custom column layout styles for Bootstrap. The article uses 5 columns to illustrate the concept, but the principle can be extended to any number of columns.
In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now