
Need help with validating username and password script



liffland
04-24-2005, 03:28 PM
This is not only to protect my own page, but I would like to ask users to enter their user name and password so they can enter a certain page.htm.
Is that possible without a CGI, ASP or other types? I would like a simple JavaScript validating username and login form.

mwinter
04-24-2005, 06:30 PM
> This is not only to protect my own page, but I would like to ask users to enter their user name and password so they can enter a certain page.htm.
> Is that possible without a CGI, ASP or other types?

To an extent, yes. However it provides virtually no security, so a server-side solution is far superior.

You might want to look at Encrypted Password (http://www.dynamicdrive.com/dynamicindex9/password.htm) script, but I can't recommend it.

Mike

liffland
04-24-2005, 07:21 PM
Yes Mike, thank you. I tried this, but this type is only for me, as I know the password. But tell me how the other users will validate their own password to enter my page. I know there is another option through cookies; I just can't finish what I started. If you know, please help me.
I think that you know what I am saying.

mwinter
04-24-2005, 09:37 PM
> tell me how the other users will validate their own password to enter my page.

It seems I misinterpreted what you were intending to do. If you're trying to authorise several people accessing shared resources, then a client-side solution is completely inappropriate. The only reason why that script is acceptable (to a degree) is because it uses the entered values to navigate to the protected location. It can easily be brute-forced, but there isn't any plain text which indicates what is being detected. With a single resource, but several unique username/password combinations, the location of that resource would have to be included as plain text, so anyone could find it by looking through the source.

I really couldn't recommend anything but a server-side solution. Note that this doesn't necessarily mean you need a server-side language like PHP or ASP. The Basic and Digest authentication schemes, which cause the user agent to display a log in prompt, can be provided directly by the server and are simpler to implement. You'll need to ask your host if they support HTTP Authentication if you go for that route.

Mike
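
What a server does for the Basic scheme mentioned above, as an added example that is not part of anyone's post in this thread: a Node.js request handler that checks several user name/password pairs on the server, so neither the credentials nor the check appear in the page source. The account names, passwords and realm are constructed for illustration, and Node.js is an assumption (the thread names no server).

```javascript
const crypto = require('crypto');

// Constructed sample accounts. Only a salt and an scrypt hash are kept, never the password.
function makeUser(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
const USERS = new Map([
  ['alice', makeUser('correct horse')],
  ['bob', makeUser('battery staple')],
]);
// Unknown names are checked against this record so timing does not reveal which names exist.
const DUMMY = makeUser('placeholder');

// Returns the authenticated user name, or null if the header is missing, malformed or wrong.
function authenticate(header) {
  const m = /^Basic +([A-Za-z0-9+\/]+=*)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // first colon splits name from password; passwords may contain ':'
  if (sep < 0) return null;
  const name = decoded.slice(0, sep);
  const password = decoded.slice(sep + 1);
  const user = USERS.get(name) || DUMMY;
  const candidate = crypto.scryptSync(password, user.salt, 32);
  const ok = crypto.timingSafeEqual(candidate, user.hash); // constant-time comparison
  return ok && USERS.has(name) ? name : null;
}

// Request handler with the (req, res) signature that http.createServer expects.
function handler(req, res) {
  const name = authenticate(req.headers.authorization);
  if (!name) {
    // A 401 status with this header is what makes the browser show its login prompt.
    res.writeHead(401, { 'WWW-Authenticate': 'Basic realm="Members", charset="UTF-8"' });
    return res.end('Authentication required');
  }
  res.writeHead(200, { 'Content-Type': 'text/plain' });
  res.end(`Hello ${name}, this is the protected page.`);
}
```

To serve it, pass `handler` to `http.createServer` (or `https.createServer`). Basic sends the password in reversible base64 with every request, so it belongs behind HTTPS.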

liffland
04-25-2005, 01:50 PM
I will publish my project soon and I will talk to you later about this. Thank you very much Mike. This was only a project and I wanted to try different things, I wanted to avoid other requirements. It is not a very important page to be protected, it is a try. :)

fartie
04-25-2005, 01:57 PM
PHP and ASP give a lot of protection. Maybe more than you need.

Depending on how protected the page needs to be, you could use a simple JavaScript function that will use the password as part of the page address. It is relatively secure since the page they get directed to is not in the source code for all to see.

http://www.tashian.com/htmlguide/password.html

explains it well.

mwinter
04-25-2005, 07:41 PM
> Depending on how protected the page needs to be, you could use a simple JavaScript function that will use the password as part of the page address. It is relatively secure since the page they get directed to is not in the source code for all to see.

Hmm. I don't think you've read this thread through. That option has already been discussed and disregarded. The resource is shared by several people with their own user names and passwords, so group authentication is probably the easiest solution, followed by a server-side script.

Mike