Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Password protection for web pages

1 view
Skip to first unread message

Teemu Kilpi

unread,
Dec 6, 1996, 3:00:00 AM12/6/96
to

I've seen a lot of sites on the web with password protection
systems to prevent unwanted access to certain pages. I was
wondering, is there a JavaScript or Java-program for this?
This sounds silly even to myself, as I've read recently a lot
about security problems with Java, but it doesn't hurt asking,
does it? I need such a system for my own website and fast, and
I've tried diffrent CGI-based systems but they seen too difficult
to install. So any help, info etc. is appreciated. Please reply
directly to me via e-mail so I'll certainly get the reply.

Teemu.
--
_________________________________________________________________________
Teemu Kilpi / x-gen e-mail: t...@kilpi.fi "Take my word for it,
dude;
etu-toolo's highschool voice :+358-049-501800 Temperature is a state of
Helsinki, Finland fax :+358-0-62290062 mind." -Bobby the Iceman
_________ visit the chill out zone: http://www.clinet.fi/~tk/
_________

tmea...@ns.wavefront.com

unread,
Dec 6, 1996, 3:00:00 AM12/6/96
to

What are you using for your Web server - most major ones have this support
built in.
Also - do you want a user signup page or something for granting access??


Teemu Kilpi (t...@kilpi.fi) wrote:
: I've seen a lot of sites on the web with password protection

FEL-X

unread,
Dec 10, 1996, 3:00:00 AM12/10/96
to

Teemu Kilpi wrote:
>
> I've seen a lot of sites on the web with password protection
> systems to prevent unwanted access to certain pages. I was
> wondering, is there a JavaScript or Java-program for this?

Hi,
you can always try this one :

<SCRIPT LANGUAGE="JAVASCRIPT">
<!--
var TheUsername = prompt("Username:","")
var ThePassword = prompt("Password: (Not encrypted)","")
function CheckPassword() {
if (ThePassword == "your_password") {
window.location="your_protected_page.html"
}
else {
window.location="your_sorry_wrong_pass_page.html"
}
}
//-->
</SCRIPT>

<BODY OnLoad=CheckPassword()>

Actually, it asks for a username which can be anything... it's just an
illusion. But if you don''t have the password, than you'll be sent to
the Sorry Wrong password page...

Please notice that the password is written in the script, which is
impossible to avoid in JavaScipt.

For SERIOUS security, please use CGI (Perl) scripts..

'later...

FEL-X

Jeroen Verschuuren

unread,
Dec 11, 1996, 3:00:00 AM12/11/96
to
You can avoid showing the password in the script by using the name of
the page you want to protect as the password. The above script changes a
little to:

<SCRIPT LANGUAGE="JAVASCRIPT">
<!--
function password() {
TheUsername = prompt("Username:","");
ThePassword = prompt("Password:","");
window.location = ThePassword + ".html";
}
//-->
</SCRIPT>

You can add an onError to avoid error messages if the wrong password is
given.

Jeroen
--
,,,
(o o)
~~~~~oOO~~(_)~~OOo~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ Jeroen Verschuuren ]
[ ]
[ mailto:j.l.m.ve...@utct.ct.utwente.nl ]
[ http://www.ct.utwente.nl/~schuuren ]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~oOO~~( )~~OOo~~~~~~
@ @
/|||\

Tobias De Pessemier

unread,
Dec 11, 1996, 3:00:00 AM12/11/96
to

Jeroen Verschuuren (j.l.m.ve...@ct.utwente.nl) wrote:

: You can avoid showing the password in the script by using the name of


: the page you want to protect as the password.

a very nice solution indeed!

T.

Jeroen Verschuuren

unread,
Dec 11, 1996, 3:00:00 AM12/11/96
to
For the record, not my one idea.
I read this a while ago in this newsgroup.

JV

Cody Burleson

unread,
Dec 12, 1996, 3:00:00 AM12/12/96
to

A common method for password protection is a server side CGI. Many servers
have it and to use it, you put two files in the directory you want
protected. (.htaccess and .htpassword). Ask your server about these
files, how to use them, and the associated CGI script.

-Cody Burleson
Digital Media Specialist
Ecotomic Group, Inc.
in...@ecotomic.com
http://www.ecotomic.com

R. Sabin

unread,
Dec 12, 1996, 3:00:00 AM12/12/96
to

Just for the ones who need! Sorry it's not a javascript posting but a
lot of people have been asking.

Really easy!

Create a file called .htaccess and put in a sub-directory of your home
called "Bookmarks" along with the html page you want to secure. It
should look like this:

--------------------cut-----------------------------
AuthUserFile /usr/apache/htdocs/cms/passme/.htpasswd
AuthGroupFile /usr/apache/htdocs/cms/passme/.htgroup
AuthName Bookmark
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
--------------------cut----------------------------
"/usr/apache/htdocs/cms/passme/" needs to be changed to the full path to
the file on your server.


Then in your home directory create a sub-directory called "mypasswd" or
something.
then telnet into your server and change to that sub-directory and type
this at the prompt:

htpasswd -c .htpasswd yourusername

it will then ask for you to put in a password! and again to verify.

to add users type in the same sub-directory:

htpasswd .htpasswd otherusername (without the -c) #the -c means to
create a new file.

Hope this helps!

Matt Baney

unread,
Dec 13, 1996, 3:00:00 AM12/13/96
to

Jeroen Verschuuren wrote:
>
> FEL-X wrote:
> >
> > Teemu Kilpi wrote:
> > >
.. password question snipped ..

> > Hi,
> > you can always try this one :
> >
.. password solution snipped ..
>
> You can add an onError to avoid error messages if the wrong password is
> given.
>

I haven't been able to find "onError" documented anywhere? How would
I use it?
Thanks
Matt
--
| Matt Baney Boeing Commercial Space Company
| Resouce21 (206)-393-0148
"Whenever you find yourself at the bottom of a deep
hole the first thing you should do is stop digging"

dra...@mailhost.wlc.com

unread,
Dec 13, 1996, 3:00:00 AM12/13/96
to

>Teemu Kilpi wrote:
>>
>> I've seen a lot of sites on the web with password protection
>> systems to prevent unwanted access to certain pages. I was
>> wondering, is there a JavaScript or Java-program for this?

Check out Gordon McComb's Javascript Pages at: http://gmccomb.com/
I found a nice javascript password encryption/decryption script there
that he allows you to use which is also in his book.

Matt Baney

unread,
Dec 13, 1996, 3:00:00 AM12/13/96
to

Jeroen Verschuuren wrote:
>
> FEL-X wrote:
> >
> > Teemu Kilpi wrote:
> > >
.. password question snipped ..
> >
> > Hi,
.. password answer snipped ..

>
> You can add an onError to avoid error messages if the wrong password is
> given.

This is from the Netscape 3.0 documentation about the onError
event handler:

An error event occurs only when a JavaScript syntax or
runtime error occurs, not when a Navigator error occurs.
For example, if you try
set window.location.href='notThere.html'
and notThere.html does not exist, the resulting error
message is a Navigator error message; therefore, an
onError event handler would not intercept that message.

That makes me think that onError would NOT work in this case?
Is that right?

Matt Baney

unread,
Dec 13, 1996, 3:00:00 AM12/13/96
to

Matt Baney wrote:
>
> Jeroen Verschuuren wrote:
> >
> > FEL-X wrote:
> > >
> > > Teemu Kilpi wrote:
> > > >
> .. password question snipped ..
> > > Hi,
> > > you can always try this one :
> > >
> .. password solution snipped ..

> >
> > You can add an onError to avoid error messages if the wrong password is
> > given.
> >
>
> I haven't been able to find "onError" documented anywhere? How would
> I use it?

Neeever mind!!! I was looking at the Netscape 2.0 documentation
page? I checked out the 3.0 page and found onError!

0 new messages