HTML Password

I'm looking for a way to require a password to enter a web site.  The same password can be used by everybody.  It does not have to be very secure, just enough to keep out the curious.  I would prefer something in HTML that doesn't requre any server intervention, and something that works with both Netscape and IE.
fovlAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pc012197Commented:
Hm... you could use a java applet with a hardcoded password. But that would keep out only curious idiots, not a a curious but determined person...
Or don't CGI-scripts count as 'server intervention'?

0
nodasCommented:
Microsoft's Front Page do this with a very simple way
You can give permissions for the Root web or for its children webs. Every user with his own password ...
0
garikCommented:
Descent security can be achieved through encrypted URLs. F.ex.,
use encrypted password as directory name - as long as directory
listing is prohibited (appropriate index.html or whatever your
server requires), it works like basic HTTP authentication, only
instead of 401's "curious" ones will get 404's.
Encryption can be done in JavaScript - I've TEA cipher written
in JavaScript and complete code of access control page - works
with both Netscape and IE - available just for asking :)


0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

bigbisonCommented:
I agreed with garik and jshamlin there is 2 solutions: dynamic documents ( javascript, vbscript, etc ) or server side mechanism.

Some people still forget the point: HTML is a "presentation" language not a programming language.


0
115leeCommented:
I would only suggest the use of CGI script,

Its secure (in a sence), and fast and the easiest.

It is possible with Javascript.
I can currently think of one way to do it.

If you write it into Javascript, meaning in your HTML page,
common users may be able to view document source and find out the password, from the script.

So finally to say, CGI is the most advisable.
0
joesixpackCommented:
If you are wise and turn over to the server: with Apache the use of authentication is really very simple by using a .htaccess file with associated passwd (and group) file.
0
deetoCommented:
If the JavaScript were to, let's say, close the browser if the wrong password is entered, Wouldn't that stop viewing of the source?  The opportunity would not be present onload because the password screen would come up right away.  If the wrong one's entered, it's gone, leaving no viewing time!
0
pokeCommented:
Yes, I agree with joesixpack, an .htaccess file is the best way to go. If you have the server working for you, then it decides whether or not to serve the page. Assuming you are using APACHE, it is a top notch web server that you will do well by. The .htaccess file is trivial to make, if you have questions, you can refer them to your site administrator.
0
pc012197Commented:
deeto: that wont work. What if someone disables JavaScript, downloads the page and selects 'view source'? :-)

0
deetoCommented:
You're right.  My bad!
0
ed@learnx.comCommented:
This answer seems to have gotten out of hand. Fovl clearly wants to go client side, and clearly doen't care that much about security. The simple answer is JavaScript, where you have the the password equal the name of the file to be loaded (e.g., password is enter and main page is enter.html), when the password is entered, you "pass" it along to document.location and get to the appropriate page. The password is never in the code, the only way you can get in is if you happen upon the name, or if you get a directory listing . . . easy enough.

fovl, if you need the actual code, email me.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garikCommented:
Good summary, ed :)

0
fovlAuthor Commented:
At last it looks like somebody read my original post.  Thanks for the straight forward answer.


0
osmonCommented:
Hey, check this web site:
http://www.geocities.com/~osawashdc/member.htm

This was created (by me) with a JavaScript and as you can see nobody is able to see (jack) my password.

If you would like to know how to do that I would be more than happy to help you.

monge@bigfoot.com
0
Christian_WenzCommented:
Ever considered .htaccess? Easy to implement, very secure.

A direct HTML way does not exist, but you can use JavaScript  (user enters "password"; is then directed to "password".htm or something like that.

Third alternative: a hidden link on your page, but that's VERY insecure

For each of these methods I'll give you a detailled instruction - but please choose one first! :-)
0
garikCommented:
Use part of URL as a password, f.ex. password "secret" could give your users access to http://www.your.com/secret.html or to the whole directory http://www.your.com/secret/files.html
Proper URL can be formed using JavaScript and will work in both NS and IE.
As long as directory listing is either prohibited or is covered by the proper index.html or whatever your Web server requires, this solution is as secure as the basic authentication mentioned in Christian's answer.
Let me know if you need more details.
0
Christian_WenzCommented:
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0
Christian_WenzCommented:
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
HTML

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.