Question about password encryption

Hello, I have a question about javascript password encryption. I found a script online and it works, but the user could easily just type in the url as oppose to entering through the encrypted page.

For instance... if I put the script on "www.asdf.index.htm" that would direct to the page "www.asdf.welcome.htm" if the user inputs the correct password. But if the user simply new the directed page "www.asdf.welcome.htm", then they could type that in and bypass the script.

Is there a way to prevent this?

THanks!

Have a look at

http://codingforums.com/showthread.php?s=&threadid=10114

This is the best you are going to get without server side
authentication.

There's no way to prevent direct access to the page with client-side password protection. You can try to use cookies, and add a script in every page to check if the user has logged or not... but it can be bypassed or produce problems.

However, if you really need to secure a page, you need server-side authentication

never tried it ( i suspect borgoise cookie is right), but how how about document referrer? You could always say: "bugger the encrytion...its not worth my while without control of the server"...my advice...nothings secure.

Philip, Ill check that out. Thx.

How about this script? http://javascript.internet.com/passwords/login-coder.html#source

Also claimed to be the best you can get....???


I haven't tried cookies, but my site isn't anything that needs to be secured. I just thought it was a neat addition :)