Fog Creek Software
Discussion Board

simple password authentication

Can I implement password authentication on my free site on Geocities?

I do not need high-level security. Just to protect my address from being viewed by the entire world.


Wednesday, February 13, 2002

You could use JavaScript encryption.

This way anybody could read the page, but unless they had the password it would all be garbage.

Ged Byrne
Thursday, February 14, 2002
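
The approach suggested in the post above, as an added example that is not part of the original thread or of any script it refers to: the published page holds only ciphertext, and the password is never compared in code; it only derives the decryption key. The sketch assumes Node's `crypto` module with PBKDF2 and AES-256-GCM; the function names, work factor and sample values are constructed for illustration.

```javascript
// Added example (constructed): password-based page encryption with Node's crypto module.
const crypto = require('crypto');

const ITERATIONS = 200000; // PBKDF2 work factor (assumed value); slows password guessing

// Derive a 256-bit AES key from the password and a per-page random salt.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

// Run once by the author: produces the blob that is published in the page.
function encryptPage(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Layout: salt | iv | auth tag | ciphertext, base64-encoded for embedding in HTML.
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Run by the visitor: returns the text, or null when the password is wrong
// or the blob was altered (the GCM tag check fails in both cases).
function decryptPage(blob, password) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 44) return null; // shorter than salt + iv + tag
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample content and password.
const published = encryptPage('Constructed sample: 1 Example Street', 'sample-passphrase');
console.log(decryptPage(published, 'sample-passphrase'));
console.log(decryptPage(published, 'wrong-guess')); // null
```

Because the blob is public, anyone can download it and try passwords offline, so the protection is only as strong as the passphrase chosen.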

It is not possible to implement secure password authentication where the actual authenticity checking is done on the client (browser) software. Any person with some knowledge of JavaScript/HTML and enough patience/time will be able to find out how your system works because he is able to look at the actual code.

This is true even when using Java applets; applets can easily be decompiled. And both Java applets and ActiveX components are also a safe way to actually lock out a percentage of your "customers", which is not really what you desire.

In a system where you don't have access to server security mechanisms, it is only possible to make it harder to let someone see your sensitive data; it's not possible to prevent it.

Martin Dittus
Thursday, February 14, 2002


The JavaScript quoted uses Public Key Encryption, so even if you get the algorithm from the source, there is no way you can decipher the content without the correct key.

Ged Byrne
Friday, February 15, 2002

If you need a primitive quick hack kind of security, and directory browsing is turned off on the site, put everything in a subdirectory with a secret name. If you want to get fancy, write a login page which redirects to the main page using client-side JavaScript and the relative path entered in an edit box. I didn't say it was secure, but secure was not what you asked for.

Friday, February 15, 2002
