Home Articles FAQs XREF Games Software Instant Books BBS About FOLDOC RFCs Feedback Sitemap

Q13 How can I password protect a page?

You are here: irt.org | FAQ | JavaScript | Password | Q13 [ previous next ]

The simplist and most effective password protection using just clientside JavaScripting, relies on the user not knowing the target filename:

<script language="JavaScript"><!--
function go() {
    window.location.href = "http://www.somewhere.com/" +
        document.formName.passwordName.value + '.html';
    return false;

<form name="formName" onSubmit="return go()">
Enter Password: <input type="password" name="passwordName" value="" size=8>

Note, the user can find the directory location, by examining the source, therefore you must protect your directory by placing a default file inside it, which your server will always send when the directory is requested, e.g. index.html, otherwise a directory listing will be sent.

It is also possible on Unix systems, to just set the parent (or all) directory's permissions to rwx--x--x and all other files to rwxr--r--. The user cannot get directory listings, but can still access any files there. (Thanks to Mike Crawford for this last tip.)

Also take a look at the JavaScript Password Protection articles on irt.org.

Feedback on 'Q13 How can I password protect a page?'

©2018 Martin Webb