PDA

View Full Version : Password script



justdave
11-24-2014, 06:56 PM
Hello...new member here

I installed Rob Heslop's Password script from DynamicDrive (http://www.dynamicdrive.com/dynamicindex9/password.htm). It is working just fine. I was using htaccess and htpasswrd server side but I wanted to customize the username/password entry as an html form and submit button not a popup window. I have been reading that Heslop's script is not a very secure method. Would love to here some discussion about the vulnerabilities with this method. If this insecurity is merely because someone can see the password in the address bar, I eliminated that by using htaccess on my server to redirect from the page indicated in the script to the page that I want to protect. Any comments?

jscheuer1
11-25-2014, 12:01 AM
Javascript is never secure. If you want to use something that's as secure as htaccess but that doesn't create that type of popup, use a secure PHP (or other server side language) login.

Here's a very secure PHP script:

http://www.dynamicdrive.com/forums/showthread.php?21542-How-Secure&p=96023#post96023

Don't be fooled that I'm asking how secure it is - it's completely secure, the thread answers that. I've also used it to good result many times since asking the original question. The only tricky part is that it's only for a single page. But that can be expanded upon.

REQUIRES PHP