Is Username Password script in JavaScript all right ??

[chiradeepg41]

Sorry for disturbing...
I made my site for my classmates. And to prevent unauthorized access i have added a javascript username password prompt system.
My query is,
Is the script allowable in x10 ???

location:
ape0913.x10.mx/download.htm

Script
ape0913.x10.mx/login.js

Please Use:
username - 1
password - 1

Thank you....
hope for a quick reply!!

 

[gomarc]

Hi chiradeepg41,

I have no authority to speak for x10hosting, but I’m pretty sure that using a script like that will not bring you any problems with them. In fact there are many sites using some kind of username/password protection and this has never been an issue before.

Regarding your goal "to prevent unauthorized access", don't expect much out of the proposed script. It's very easy to go around it and gain access to the usernames and passwords. If the user disables JavaScript in the browser, the protection is gone.

By far a more secure option is to use a server side script to accomplish your goal. Have you looked into WordPress or any CMS?

 

[chiradeepg41]

Thank you gomarc..

Well the security was more of a casualty than necessity!!
People like us are not that much aware of bypassing such securities!
Moreover even a simple HTML username password field which redirected to a non encrypted URL was not been able to bypassed...

Thank you very much for your support....

 

[misson]

Don't use JS for authorization. Even if someone doesn't understand JS, it's trivial to view the page source and find the username and password. You should use HTTP authentication, which can easily be set up using cPanel.

 

[chiradeepg41]

@misson .. thank you sir...
but is it applicable to protect a single page ??
if to protect a single page then what measure should i take ???

 

[misson]

Yes, but you'll need to edit the authorization settings by hand. Enclose them in a Files section.

<Files foo.php>
    AuthType basic
    AuthUserFile "/path/to/your/htpasswds"
    AuthName "Foo"
    Require valid-user
</Files>

Alternatively, place the page in its own directory as an index file. That is, if the file is named "foo.php", make a folder named "foo" and move "foo.php" to "foo/index.php". You can then protect the directory "foo" using cPanel as normal.

 

[chiradeepg41]

thanx mission..
i opted for the second option..
It was just the thing I wanted to incorporate!!

Thank you again!
x10 is amazing !!

 

[roby718]

If you desperate want to use JS to do logins, write an ajax script that validates credentials using a php counterpart, because php source can't be downloaded (in some circumstances it can: server error).