Results 1 to 7 of 7

Thread: Need help with valiadting username and password script

  1. #1
    Join Date
    Apr 2005
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Need help with valiadting username and password script

    This is not only to protect my own page, but I would like to ask users to enter their user name and password so they can enter a certain page.htm.
    Is that possible without a cgi , asp or other types. I would like a simple JavaScript validating username and login form.

  2. #2
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by liffland
    This is not only to protect my own page, but I would like to ask users to enter their user name and password so they can enter a certain page.htm.
    Is that possible without a cgi , asp or other types.
    To an extent, yes. However it provides virtually no security, so a server-side solution is far superior.

    You might want to look at Encrypted Password script, but I can't recommend it.

    Mike

  3. #3
    Join Date
    Apr 2005
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Yes Mike, thank you I tried this, but this type it is only for me that I know the password, but tell me how the other users will validate their own password to enter my page. I know there is another option through cookies I just can't finish what I started. If you know please help me.
    I think that you know what I am saying.

  4. #4
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by liffland
    tell me how the other users will validate their own password to enter my page.
    It seems I misinterpreted what you were intending to do. If you're trying to authorise several people accessing shared resources, then a client-side solution is completely inappropriate. The only reason why that script is acceptable (to a degree) is because it uses the entered values to navigate to the protected location. It can easily be brute-forced, but there isn't any plain text which indicates what is being detected. With a single resource, but several unique username/password combinations, the location of that resource would have to be included as plain text, so anyone could find it by looking through the source.

    I really couldn't recommend anything but a server-side solution. Note that this doesn't necessarily mean you need a server-side language like PHP or ASP. The Basic and Digest authentication schemes, which cause the user agent to display a log in prompt, can be provided directly by the server and are simpler to implement. You'll need to ask your host if they support HTTP Authentication if you go for that route.

    Mike

  5. #5
    Join Date
    Apr 2005
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Repply

    I will publish my project soon and I will talk to you later about this. Thank you very much Mike. This was only a project and I wanted to try different things, I wanted to avoid other requirements. It is not a very important page to be protected, it is a try.
    Last edited by liffland; 04-25-2005 at 01:52 PM. Reason: spelling

  6. #6
    Join Date
    Apr 2005
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default How protected does it really need to be?

    PHP and ASP give a lot of protection. Maybe more than you need.

    Depending on how protected the page needs to be, you could use a simple javascript function that will use the password as part of the page address. It is relatively secure since the page they get directed to is not in the source code for all to see.

    http://www.tashian.com/htmlguide/password.html

    explains it well.

  7. #7
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by fartie
    Depending on how protected the page needs to be, you could use a simple javascript function that will use the password as part of the page address. It is relatively secure since the page they get directed to is not in the source code for all to see.
    Hmm. I don't think you've read this thread through. That option has already been discussed and disregarded. The resource is shared by several people with their own user names and passwords, so group authentication is probably the easiest solution, followed by a server-side script.

    Mike

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •