Password script

[justdave]

Hello...new member here

I installed Rob Heslop's Password script from DynamicDrive (http://www.dynamicdrive.com/dynamicindex9/password.htm). It is working just fine. I was using htaccess and htpasswrd server side but I wanted to customize the username/password entry as an html form and submit button not a popup window. I have been reading that Heslop's script is not a very secure method. Would love to here some discussion about the vulnerabilities with this method. If this insecurity is merely because someone can see the password in the address bar, I eliminated that by using htaccess on my server to redirect from the page indicated in the script to the page that I want to protect. Any comments?

[jscheuer1]

Javascript is never secure. If you want to use something that's as secure as htaccess but that doesn't create that type of popup, use a secure PHP (or other server side language) login.

Here's a very secure PHP script:

http://www.dynamicdrive.com/forums/s...6023#post96023

Don't be fooled that I'm asking how secure it is - it's completely secure, the thread answers that. I've also used it to good result many times since asking the original question. The only tricky part is that it's only for a single page. But that can be expanded upon.

REQUIRES PHP