JavaScript Security???
A login form using JavaScript
There are (at least) three methods of implementing JavaScript "security":
- (not described here) The password is in the JavaScript code. Simply Viewing Source will reveal the password, and security is gone.
- A simple method based on the Gateway script is described at simple.htm. This method simply takes the name of the page as a password, and redirects the user to the page. If the password is incorrect, the user receives a "404 page not found" error
- A more complex method that "looks" for the page entered in the form of userid and password. If an incorrect userid or password is entered a 404 error is generated. However the user does not see this - they are prompted for the userid and password again. See "No 404 JS Logon" for details.
None of these methods are secure - 1 displays the password in View Source, and 2 and 3 display the URL of the protected page in the browser address bar, the "protected" page is not protected at all.