Protecting a page with JavaScript

Category File Author Send email Website Category General HTML Security 2007090102 Ronx to Ronx www.rxs-enterprises.org

JavaScript Security???

A login form using JavaScript

---

There are (at least) three methods of implementing JavaScript "security":

1. (not described here) The password is in the JavaScript code.  Simply Viewing Source will reveal the password, and security is gone.
2. A simple method based on the Gateway script is described at simple.aspx.  This method simply takes the name of the page as a password, and redirects the user to the page.  If the password is incorrect, the user receives a "404 page not found" error
3. A more complex method that "looks" for the page entered in the form of userid and password.  If an incorrect userid or password is entered a 404 error is generated.  However the user does not see this - they are prompted for the userid and password again.  See "No 404 JS Logon" for details.

None of these methods are secure - 1 displays the password in View Source, and 2 and 3 display the URL of the protected page in the browser address bar, the "protected" page is not protected at all.

Related Pages