Password Dialog

I would like to display a password dialog, similar to the one displayed when you log onto Experts Exchange.  Can this be done in JavaScript.
dl090597Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Christian_WenzCommented:
the one at Experts Exchange works with something called ".htaccess". A JavaScript dialog is easy to implement, but not very hack-proof.
Ask you ISP if he supports .htaccess, and if he does, I'll give you instructions how to implement this. If not, I'll give you a JS script - but again, that's not hack-proof.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tecbuilderCommented:
The reason that a JavaScript password dialog is not hack proof is that the password has to be hard coded into your HTML file or a JavaScript file.  Hence, if someone wanted to see if the password dialog was generated from JavaScript code, all they would have to do is look at the page's source code.  Inside it they can find the code that generated the password dialog box.  Where ever the code is that generated the password dialog box, so to is the password.

The trick is hoping that they don't check your page's source code.  You can do some things that would make it rather painful to check your code, like putting all the code that generated your page on 1 line, putting in bogus scripts that don't do anything except make your code more difficult to read, etc.  However the person can save your page to their hard drive and load it in an editor where they can add paragraph marks to make it more readable.  Hence finding your password.
0
Holger101497Commented:
There have been half a dozen discussions about this and what you can do to "hide" the password!!!! Maybe it's best to invest some points into the PAQs....

One simple yet effective technique is to "garble" the word that is entered in some way (s.th. very simple) and then set document.location=garbledword+'.html';
As long as you have an "index" or "default" file that keeps people from looking at your directory, that makes it extremely hard to find the next page without knowing a valid password and you can't find the password in the code either.
Even more effective is passing the password to a CGI-script that checks it and (maybe) generates a page. Of course most people don't have access to CGI, but I think that even less people can use .htaccess.

.htaccess is definitely the most effective way, but if you can't use it, there are several ways to make it work ok in JavaScript...
0
ozoCommented:
Another way to increase the hack resistance of Christian_Wenz's script,
(unless it already does this, I haven't seen it yet)
may be not to hard code the password into the script, and instead
send a different hash of it on every invocation.  This would require
a CGI on the otherside to generate a different JavaScript each time,
And you still need a good hash and a secure way of seeding it.

0
Christian_WenzCommented:
I was assuming that dl has no CGI access; but Holger's right, there are really some questions of the same type.
BTW, hi ozo, nice to read you again! :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JavaScript

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.