it's much much much easier to use an access database.. ive got the asp code for this (you're using cookiebased login sessions yea?) but i would need t find it, ask m again if you acctually want it

OK, I will try using the Access Database.. I could still use your help though. Just let me know what I need to send you and I'll get it done.

Password protection can be tackled a lot of different ways and they depend on:

• Which OS (windows? linux?)
• Which webserver (IIS? Apache?)
• Do you have admin privs on the server?
• Do you only need to protect scripts or all files?
• What scripting languages are available to you? (ASP?, ASP.NET?, PHP?, Java?, PERL CGI?)

Know that you cannot secure any web page with javascript. You can make a page harder to access for somebody without any HTML/script skills, but not secure.

You mention a text file with the passwords that the javascript will use to verify....um....if your client-side javascript can access the text file, so can your site visitors. All they have to do is open the page source, read the javascript, then point their browser to the text file. Again, not secure.

Best way is to use a server side language, like Perl or PhP (or ASP), and use it for the authentication...

I don't know that I'd say using a server-side scripting language is the "best" way. You can certainly build a good solution that way. I provide a PHP example for password-protecting pages in my class_session.

I would argue that as far as security goes, using a method natively supported by your webserver is even better than using server-side script. You can configure the webserver to require authentication for specific files or directories. This is done by turning off anonymous access and configuring an authentication method.

For example, with Apache, you can have Apache require the user to authenticate using an OS account, an htpasswd account, or a user account stored in a database. You can enforce this using the Apache conf files or via .htaccess files -- you can search for more about .htaccess.

With server-side script, typically you can only protect script. For example, if you have a directory full of PDF's, it's not so easy to protect those with server-side script. There IS a way, but it involves storing the PDF's in a non web-accessible directory and having a script that can open and stream the PDF--if the user is authorized.

It really depends on what your goals are, what your platform is, and what skill resources you have available.