Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password to open an HTML Page

Status
Not open for further replies.
ZmrAbdulla

ZmrAbdulla

Technical User
Apr 22, 2003
4,364
AE
Hi,

Can anyone tell me what is the easiest way to put a Password prompt for an HTML Page?
My idea is to stop users entering to some of the pages in an intranet. If they are authorized then they can enter the password and go to the page.

Regards


Zameer Abdulla

 
Sort by date Sort by votes
You will need to look at server security, have a look for nt security if the users all have access to the server, or at some serverside scripting (asp/cgi/php etc) for security.

Any client side security (javascript), can be 'cracked' in seconds.

Good Luck

Simon
 
Upvote 0 Downvote
Hi Simon,

Thanks for the fast response.
You mean Javascript password can be viewed through the Source Code. If I disbale the rightclicking then? Or I keep the .js file separately and link to the HTML page? I am not an Administrator for the system. I am only designing the "intranet" (These pages are not used for internet). These pages also used to create a HYML Help File format. I am trying to use a password for some pages So that not all the pages are to be viewed by everyone.

Regards

Zameer Abdulla

 
Upvote 0 Downvote
This is going to have to be done at the sever level. If you try this with JavaScript, you will not be able to hide it. If you disable right clicking, users can just select veiw source from the browser menu. If you keep the .js files in a seperate location, users can just put the path to the .js (they found while viewing source) in the browser to download and open the whole file.

The files will either have to be locked down on the server, or you will have to use some type of server side programming language to do it.

Hope This Helps!

Ecobb

"Alright Brain, you don't like me, and I don't like you. But lets just do this, and I can get back to killing you with beer." - Homer Simpson
 
Upvote 0 Downvote
Just to add to Ecobb's remarks.

You cannot hide the javascript, many have tried, and failed, on here - the closest someone has managed was a couple of minutes delay.

The browser needs the javascript for the page, and if the browser can see it - so can I.

If you are using the security in an intranet, speak to your server administrator about setting up nt security for the files you want to protect.

Simon
 
Upvote 0 Downvote

A few years ago, I came across a JS client-side solution to password protecting pages.

It seemed to use a one-way hash, that was very hard to break (I wrote a cracking program, and left it running 24/7 for several months before giving it up as a lost cause).

I'll see if I can find it, although the website isn't around anymore, I might still have a reference to it.

Dan
 
Upvote 0 Downvote
Hmm you don't need to crack it all you have to do is look at the source and it gives you the path to the protected page. Client side password scripts just aren't secure.
Code: 
function go(){
location.href="[COLOR=red]password-pro-in.html[/color]";
}

Glen
 
Upvote 0 Downvote
Glen,

It looks like the people who implemented the script on that page totally misunderstood how to do it properly.

Going through to the URL of the author (which is in the source, if you viewed it):

Will give you the correct version, which doesn't have the URL of the password protected page in the source.

Give me some credit - Do you really think after what I said about client-side security, and taking months to crack, that I would have posted a solution that required the URL in cleartext?

Dan
 
Upvote 0 Downvote
Sorry Dan I know that you are a very very proficient programmer. I just went to the first link you posted and thought, hmm this isn't very secure. As I'm not as good as you are, I was surprised how easy it was to enter the PW protected page. In no way was I trying to infer that you didn't know what you were doing. I apologize profusely for my error. Just trying to help.
BTW I changed the PW page so that the Check() loaded on onload and that way you can't view the source code.

Glen
 
Upvote 0 Downvote

Glen,

No need to apologise for anything... I think you misunderstood my statement. I wasn't trying to put down your abilities as a programmer, or rate myself as more proficient than anyone else.

Maybe I could have worded the line a bit less ambiguously.

Sorry for the confusion,
Dan


 
Upvote 0 Downvote
Dan,

Very Good. I stand corrected.

You can hide a url using javascript, and this does make it harder to get to the protected page, but, I dont think this is very secure.

Once the location of the page is known then the security is bypassed.

The only way to be sure is to use server side security.

Simon
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lmcate
  • Locked
  • Question
From HTML Page open an MDB files on the server and work
Replies
0
Views
509
lmcate
lmcate
soni21
  • Locked
  • Question
JavaScript String to Number Conversion in HTML: Seeking Clarification
Replies
4
Views
2K
Chris Miller
Chris Miller
jizzer
  • Locked
  • Question
HTML/CSS Image map with multiple tool-tips
Replies
3
Views
2K
spamjim
spamjim
bdwilcox
  • Locked
  • Question
More efficient / manageable way to code this HTA w/ VBScript?
Replies
0
Views
999
bdwilcox
bdwilcox
cae154
  • Locked
  • Question
Body of email not appearing in correct font on iPhone and iPad
Replies
1
Views
1K
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top