 |  |  |  |  |  |  |  |
Password Protection from a txt.file
Please support our HTML and CSS advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
I am experiencing a great degree of difficulty trying to password protect a page on my site. I have a .txt file of user id numbers which serve as passwords, and I want to create a java script to gain access that file from my html form. Any help out there?
•
•
Join Date: Apr 2004
Posts: 210
Reputation: 
Solved Threads: 8
Posting Whiz in Training
it's much much much easier to use an access database.. ive got the asp code for this (you're using cookiebased login sessions yea?) but i would need t find it, ask m again if you acctually want it
•
•
•
•
NIKE just mod it!
HND Business IT
CCNA
MSCE
OK, I will try using the Access Database.. I could still use your help though. Just let me know what I need to send you and I'll get it done.
Password protection can be tackled a lot of different ways and they depend on:
You mention a text file with the passwords that the javascript will use to verify....um....if your client-side javascript can access the text file, so can your site visitors. All they have to do is open the page source, read the javascript, then point their browser to the text file. Again, not secure.
- Which OS (windows? linux?)
- Which webserver (IIS? Apache?)
- Do you have admin privs on the server?
- Do you only need to protect scripts or all files?
- What scripting languages are available to you? (ASP?, ASP.NET?, PHP?, Java?, PERL CGI?)
You mention a text file with the passwords that the javascript will use to verify....um....if your client-side javascript can access the text file, so can your site visitors. All they have to do is open the page source, read the javascript, then point their browser to the text file. Again, not secure.
•
•
Join Date: Dec 2004
Posts: 2,413
Reputation:
Solved Threads: 211
Best way is to use a server side language, like Perl or PhP (or ASP), and use it for the authentication...
I don't know that I'd say using a server-side scripting language is the "best" way. You can certainly build a good solution that way. I provide a PHP example for password-protecting pages in my class_session.
I would argue that as far as security goes, using a method natively supported by your webserver is even better than using server-side script. You can configure the webserver to require authentication for specific files or directories. This is done by turning off anonymous access and configuring an authentication method.
For example, with Apache, you can have Apache require the user to authenticate using an OS account, an htpasswd account, or a user account stored in a database. You can enforce this using the Apache conf files or via .htaccess files -- you can search for more about .htaccess.
With server-side script, typically you can only protect script. For example, if you have a directory full of PDF's, it's not so easy to protect those with server-side script. There IS a way, but it involves storing the PDF's in a non web-accessible directory and having a script that can open and stream the PDF--if the user is authorized.
It really depends on what your goals are, what your platform is, and what skill resources you have available.
I would argue that as far as security goes, using a method natively supported by your webserver is even better than using server-side script. You can configure the webserver to require authentication for specific files or directories. This is done by turning off anonymous access and configuring an authentication method.
For example, with Apache, you can have Apache require the user to authenticate using an OS account, an htpasswd account, or a user account stored in a database. You can enforce this using the Apache conf files or via .htaccess files -- you can search for more about .htaccess.
With server-side script, typically you can only protect script. For example, if you have a directory full of PDF's, it's not so easy to protect those with server-side script. There IS a way, but it involves storing the PDF's in a non web-accessible directory and having a script that can open and stream the PDF--if the user is authorized.
It really depends on what your goals are, what your platform is, and what skill resources you have available.
|
Similar Threads
- .txt File Handling in Java (Java)
- Encrypting a .txt file through VB6 (Visual Basic 4 / 5 / 6)
- Search a .txt file for valid password. (VB.NET)
Other Threads in the HTML and CSS Forum
- Previous Thread: offsetTop prob - need to determine if a div is visible
- Next Thread: Image in Textbox?
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest HTML and CSS Posts
- Today's Posts
- Unanswered Threads
appointments asp background backgroundcolor beta browser bug calendar cart cgi code codeinjection corporateidentity css design development displayimageinsteadofflash dreamweaver emailmarketing epilepsy explorer firefox flash form format google griefers hackers hitcounter hover html ide ie7 ie8 iframe image images internet internetexplorer intranet iphone javascript jpeg layout macbook maps marketshare microsoft mozilla multimedia navigationbars news offshoreoutsourcingcompany opacity opera optimization pnginie6 positioning problem scroll seo shopping studio swf swf. textcolor timecolor titletags url urlseparatedwords visual visualization web webdevelopment webform website windows7
