How can I protect my pages with a password?
You cannot use (client-side) JavaScript in order to protect certain pages on your server. If you want to protect your web-pages with a password you normally use CGI (Common Gateway Interface).
Why can't I use JavaScript in order to protect my page?
JavaScript code runs on the client computer (we restrict ourselves here to
client-side JavaScript). As the JavaScript code can be seen by choosing
'View document source' in your browser everybody can look at the password which
must be stored somewhere. You could encrypt the password - but everybody could
view your function used for the encryption.
The most important thing is that if you have the address of a web-page (which
isn't protected on the server-side with CGI or something like that) you can
request this document and view it. If you'd try to implement a JavaScript
protection then you might create two files: the first file is the page with
the 'protection code'. The second page contains the information which you
want to hide from certain people not knowing the password. But what do you do
if someone just knows the address of the second page and enters it into
a browser? The page is being loaded without any protection! The users could get
the address through looking at the source code of your first page.
Some pages on the net claim to implement password protection with JavaScript.
What do they do? They might make it a bit difficult to get the page - but
they won't protect it completely. Some scripts work with different frames -
the code with the password is located in a very small frame which cannot be seen
easily. If you have a look at the source code it might take a while until you'll
realize what this code does - but that's all.
I have tested some 'password protected' pages which use JavaScript - and it really
didn't take me long to see the password. I am not a hacker. I just know some HTML
and a little JavaScript. So if I am able to get the password - everybody is.
©1996,1997 by Stefan Koch
e-mail:skoch@rumms.uni-mannheim.de
http://rummelplatz.uni-mannheim.de/~skoch/
My JavaScript-book