I am rather new to this ....

I have used a piece of code from this site in one of my websites. It requires the user to enter a username and password to enter a specific page on my site. It works very well.

However, I now realize that if I "view source" on the password required page I can see the link to which the successful username/password will take me. If I cut and paste this into my browser I can by-pass the need for a username and password. hence it is very insecure.

Is there anyway that I can stop the source of the page being viewed in this way?

Many thanks

Nick

As you can see JavaScript is not a very secure way to offer access to a specific page. Your best bet would be to use a Server Side script for this.

Assuming you only have one acceptable username/password combo, there's a rather sneaky way to improve Javascript security for page access: Base the name of the page on the user/pass combo.

For example, if the username is Bob and the pass is MyPass, you could have the page access Bob-MyPass.html. If the password was wrong, the user would just get a 404 error.

For even more security, you could perform some simple scrambling on the username and password before accessing the page. This way, you couldn't look at the page address and figure out what the username and password are.

You could also implement some cookie code to ensure that the user has already entered the password before displaying the page.

Hope that helps.