Password Protection Pages

[Fotoman]

Just tried out the script for password protecting a page. ( http://www.dynamicdrive.com/dynamicindex9/password.htm )

This works fine for the purpose I require. The way it reconfigures the text password to numerals is very clever and obviously disguises this in the source code.

However, I have found that the protected page can be accessed by anyone using the same PC simply by going into the History and clicking the secure (?) link. Is there a way of overcoming this breach of security?

Also, simply copying the address from the address bar will also allow you just paste the link in and open the page. (Of course you need to know the password to do this.) But it still by-passes the Login Page.



Thanks

[Twey]

A client-side login script is never going to be totally secure. To stop it appearing in the history (usually), you can replace

Code:

window.location=password+".htm"

with

Code:

window.location.replace(password + ".html");

However, you're never going to achieve a great amount of security with this script.

[Fotoman]

Thanks Twey, i'll try that.

I don't need it that secure, as the people using it will be told the access code beforehand and, unl;ess anyone can guess the password, they won't be getting into it. The stuff that's going on there would not be of that much interest to others.

It's just to satisfy the people giving me the information to put on the page.

Thanks again