Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

HTML Password

I'm looking for a way to require a password to enter a web site.  The same password can be used by everybody.  It does not have to be very secure, just enough to keep out the curious.  I would prefer something in HTML that doesn't requre any server intervention, and something that works with both Netscape and IE.
0
fovl
Asked:
fovl
  • 3
  • 3
  • 2
  • +9
2 Solutions
 
pc012197Commented:
Hm... you could use a java applet with a hardcoded password. But that would keep out only curious idiots, not a a curious but determined person...
Or don't CGI-scripts count as 'server intervention'?

0
 
nodasCommented:
Microsoft's Front Page do this with a very simple way
You can give permissions for the Root web or for its children webs. Every user with his own password ...
0
 
garikCommented:
Descent security can be achieved through encrypted URLs. F.ex.,
use encrypted password as directory name - as long as directory
listing is prohibited (appropriate index.html or whatever your
server requires), it works like basic HTTP authentication, only
instead of 401's "curious" ones will get 404's.
Encryption can be done in JavaScript - I've TEA cipher written
in JavaScript and complete code of access control page - works
with both Netscape and IE - available just for asking :)


0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
bigbisonCommented:
I agreed with garik and jshamlin there is 2 solutions: dynamic documents ( javascript, vbscript, etc ) or server side mechanism.

Some people still forget the point: HTML is a "presentation" language not a programming language.


0
 
115leeCommented:
I would only suggest the use of CGI script,

Its secure (in a sence), and fast and the easiest.

It is possible with Javascript.
I can currently think of one way to do it.

If you write it into Javascript, meaning in your HTML page,
common users may be able to view document source and find out the password, from the script.

So finally to say, CGI is the most advisable.
0
 
joesixpackCommented:
If you are wise and turn over to the server: with Apache the use of authentication is really very simple by using a .htaccess file with associated passwd (and group) file.
0
 
deetoCommented:
If the JavaScript were to, let's say, close the browser if the wrong password is entered, Wouldn't that stop viewing of the source?  The opportunity would not be present onload because the password screen would come up right away.  If the wrong one's entered, it's gone, leaving no viewing time!
0
 
pokeCommented:
Yes, I agree with joesixpack, an .htaccess file is the best way to go. If you have the server working for you, then it decides whether or not to serve the page. Assuming you are using APACHE, it is a top notch web server that you will do well by. The .htaccess file is trivial to make, if you have questions, you can refer them to your site administrator.
0
 
pc012197Commented:
deeto: that wont work. What if someone disables JavaScript, downloads the page and selects 'view source'? :-)

0
 
deetoCommented:
You're right.  My bad!
0
 
ed@learnx.comCommented:
This answer seems to have gotten out of hand. Fovl clearly wants to go client side, and clearly doen't care that much about security. The simple answer is JavaScript, where you have the the password equal the name of the file to be loaded (e.g., password is enter and main page is enter.html), when the password is entered, you "pass" it along to document.location and get to the appropriate page. The password is never in the code, the only way you can get in is if you happen upon the name, or if you get a directory listing . . . easy enough.

fovl, if you need the actual code, email me.
0
 
garikCommented:
Good summary, ed :)

0
 
fovlAuthor Commented:
At last it looks like somebody read my original post.  Thanks for the straight forward answer.


0
 
osmonCommented:
Hey, check this web site:
http://www.geocities.com/~osawashdc/member.htm

This was created (by me) with a JavaScript and as you can see nobody is able to see (jack) my password.

If you would like to know how to do that I would be more than happy to help you.

monge@bigfoot.com
0
 
Christian_WenzCommented:
Ever considered .htaccess? Easy to implement, very secure.

A direct HTML way does not exist, but you can use JavaScript  (user enters "password"; is then directed to "password".htm or something like that.

Third alternative: a hidden link on your page, but that's VERY insecure

For each of these methods I'll give you a detailled instruction - but please choose one first! :-)
0
 
garikCommented:
Use part of URL as a password, f.ex. password "secret" could give your users access to http://www.your.com/secret.html or to the whole directory http://www.your.com/secret/files.html
Proper URL can be formed using JavaScript and will work in both NS and IE.
As long as directory listing is either prohibited or is covered by the proper index.html or whatever your Web server requires, this solution is as secure as the basic authentication mentioned in Christian's answer.
Let me know if you need more details.
0
 
Christian_WenzCommented:
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0
 
Christian_WenzCommented:
hi garik, that's just the alternative I hinted at with "...but you can use JavaScript..." :-)

but you are right, the "security factor" of this is quite as high.

However, it is very easy to exclude a (former) user from the secret .htaccess protected directory: remove his name/password from the list! if you want to exclude somone from a JS-protected directory/file, you have to give out new passwords to everyone else...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 3
  • 3
  • 2
  • +9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now