Skip Navigation | Groups

This site uses cookies- for more information see the Cookie Policy | Continue

 

JavaScript Security???

A login form using JavaScript


There are (at least) three methods of implementing JavaScript "security":

  1. (not described here) The password is in the JavaScript code. Simply Viewing Source will reveal the password, and security is gone.
  2. A simple method based on the Gateway script is described at simple.aspx. This method simply takes the name of the page as a password, and redirects the user to the page. If the password is incorrect, the user receives a "404 page not found" error
  3. A more complex method that "looks" for the page entered in the form of userid and password. If an incorrect userid or password is entered a 404 error is generated. However the user does not see this - they are prompted for the userid and password again. See "No 404 JS Logon" for details.

None of these methods are secure - 1 displays the password in View Source, and 2 and 3 display the URL of the protected page in the browser address bar, the "protected" page is not protected at all.