Q13 How can I password protect a page?

irt.org | Knowledge Base | JavaScript | Password | Q13 [ previous next ]

Q13 How can I password protect a page?

The simplist and most effective password protection using just clientside JavaScripting, relies on the user not knowing the target filename:

<script language="JavaScript"><!--
function go() {
    window.location.href = "http://www.somewhere.com/" +
        document.formName.passwordName.value + '.html';
    return false;
}
//--></script>

<form name="formName" onSubmit="return go()">
Enter Password: <input type="password" name="passwordName" value="" size=8>
</form>

Note, the user can find the directory location, by examining the source, therefore you must protect your directory by placing a default file inside it, which your server will always send when the directory is requested, e.g. index.html, otherwise a directory listing will be sent.

It is also possible on Unix systems, to just set the parent (or all) directory's permissions to rwx--x--x and all other files to rwxr--r--. The user cannot get directory listings, but can still access any files there. (Thanks to Mike Crawford for this last tip.)

Also take a look at the JavaScript Password Protection articles on irt.org.

Feedback on 'Q13 How can I password protect a page?'

• 21:13:00 5/13/00 Stephen Minnich
• 10:18:45 11/24/99 Joern Maske
• 04:47:10 10/20/99 Paul Cooper