You are here: irt.org | FAQ | JavaScript | Password | Q13 [ previous next ]
The simplist and most effective password protection using just clientside JavaScripting, relies on the user not knowing the target filename:
<script language="JavaScript"><!-- function go() { window.location.href = "http://www.somewhere.com/" + document.formName.passwordName.value + '.html'; return false; } //--></script> <form name="formName" onSubmit="return go()"> Enter Password: <input type="password" name="passwordName" value="" size=8> </form>
Note, the user can find the directory location, by examining the source, therefore you must protect your directory by placing a default file inside it, which your server will always send when the directory is requested, e.g. index.html, otherwise a directory listing will be sent.
It is also possible on Unix systems, to just set the parent (or all) directory's permissions to rwx--x--x and all other files to rwxr--r--. The user cannot get directory listings, but can still access any files there. (Thanks to Mike Crawford for this last tip.)
Also take a look at the JavaScript Password Protection articles on irt.org.