Password-protect your Web pages


Q How can I put a password on my Web page so that only a privileged few can access the page?

û Stephen McNamara

A If you really want to keep people from accessing certain Web pages, now would be a good time to make friends with the person who looks after your Web server. A server provides the best password protection for your pages through a process called user authentication. Once the Webmaster locks out certain files and/or directories, a login name and password is required to access them. If an invalid login name or password is provided, the server denies access. Some Common Gateway Interface (CGI) scripts can to do the same thing, but you usually need to access the server to set one up.

If you don't have direct access to your server, your next best option is to use a JavaScript password script. This kind of password protection is not secure because users can view JavaScript code, including any password values and the URL that the correct login jumps to, from their browser. Since the page that loads after a successful login isn't password protected by your server, users can avoid the login process by jumping directly to that page. However, a JavaScript password script will provide some protection from casual users. There are numerous password scripts on the Web, and some provide better security than others. You can grab one from www.javascripts.com or www.javagoodies.com/html.html.

û Belinda Taylor


Category:internet
Issue: November 1998

These Web pages are produced by Australian PC World © 1998 IDG Communications