Re: "members only" section - user names and passwords

by "Roger Stenning" <roger(at)isgwds.enterprise-plc.com>

 Date:  Sun, 26 Aug 2001 12:43:02 +0100
 To:  <hwg-techniques(at)mail.hwg.org>
 Cc:  <denise(at)amun-ra.demon.co.uk>
 References: 
  todo: View Thread, Original
Denise -

> Most of the HTML I have done has been static, but for the particular
> project I've been working on, there are a number of documents
> which aren't exactly confidential, but would do with being in a
> "members only" area.
>
> What I would like to have are boxes to enter user name and
> password before someone can get to this part of the site.
>
> Can someone point me in the right direction on how I go about this?

OK, you have a few ways in which this can be done, most of which
aren't too secure.

Firstly, you can use a javascript application; there are several
available from such places as www.freescripts.com.

The downside is that most of these, by viewing the source of the page
they are used on, can be circumvented, as the page they direct the
visitor to, are noted in the scripts.

The second method is by using a Java application. However, many people
(myself included) disable Java on their browsers, as a defence aginst
malicious scripting (I've been hit in the distant past, and unless I
trust the site, I don't enable Java at all).

Thirdly, if you have Unix/GCI access privilages on Demon Internet, you
can use a fairly secure method, which is htaccess - there are
tutorials on the web for this. What happens, is that you place a link
to the secured area on the page, and the normal user ID/password combo
box will appear as a popup box; failure to supply correct combo
information results in a 'denied' result.

Lastly, if you're using an NT server, with passwordable folders, you
can use those (they tend to be relatively easy to set up. Again, there
are tutorials available on the web for this). Results are similar to
the htaccess system above.

Hope this helps.

Best regards,

Roger Stenning
Proprietor,
Intelligent Web Design Services
http://iws.n3.net/
(PGP public key available on request)
________________________________________________________
LEGAL DISCLAIMER: The views expressed in this message
may not be those of IWS. The information in this email and
in any attachments may be confidential and/or privileged. If you
are not the intended recipient, you should not retain, copy or
use this email for any purpose, nor disclose all or any part of
its content to any other person - you should also destroy this
message, delete any copies held on your systems and notify
the sender immediately.

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA