1. Technology

Password Protection

Part 1 : Introduction


So you are looking for a way to password protect or add a sign in to your page and someone has suggested to you that you can do it using Javascript. Well there are a number of disadvantages to using Javascript to password protect your page that you need to be aware of.

  • Most password protection using Javascript acts only as a gateway between the page asking for the password and the page it is protecting. Anyone who knows the address of the 'protected' page can go straight there bypassing the password protection entirely.
  • It is easy to access the source of a Javascript. Javascripts contained within the page source can be easily accessed via the right click menu's View Source option (which can be accessed by pressing the Menu button (located to the left of the Ctrl key at the bottom right of the main section of your keyboard). As most password Javascripts hard code the password into the Javascript, finding out the password can be as trivial as viewing the source.
  • Even if an external Javascript is used, the Javascript source can be easily accessed by viewing the source of the page to find out the name of the external Javascript file. When the address of that file is typed into the browser address bar, the file can be downloaded to the local computer where it can be viewed.

Given these disadvantages, I do not recommend that you use a Javascript to provide password protection for pages on your site. If you have telnet access to the server where your site is hosted then you can set up proper password protection that does not suffer from the above problems. Without telnet access, your options are more limited but if you obtain access to a password gate cgi script (such as can be obtained free from Bravenet) and use that in conjunction with frames so as to hide the page address you are probably protecting your page as far as possible given that you don't have the access to your server to be able to do any better.

You probably either have access to your server so that you can set up proper password protection or you have access to a password gate cgi that provides a better level of password protection than any javascript could so why would you want to consider a Javascript solution?

Only if you don't have access to either of these other options should you consider using Javascript.

If you do need to go with a Javascript solution then not just any password protection Javascript will do. As previously mentioned, most password Javascripts that you will find on the internet rely on having the password hard coded into the source code where anyone with a little knowledge can read it. So what we need is a Javascript where the password is not coded in the source at all or where the password is encrypted into the actual page that we want to protect. Let's consider these one at a time.

Note that the discussion and scripts on this page are copied from the Ask Felgall website with the permission of the copyright owner.

  1. About.com
  2. Technology
  3. JavaScript
  4. Controls and Widgets
  5. JavaScript and Password Protection

©2014 About.com. All rights reserved.