How can I password-protect a HTML page?

How can you protect your page, so not everyone can have access to it. There are a few possibilities:
Server authentication
The best way to do this is by using server authentication. This means that when someone wants to access a page they get a dialog box in which the have to enter their username and password. The server checks the input and if it is correct the page will be sent to the user. Because this has to be set up on the server you should contact your server administrator to ask if he/she can set it up for you.
CGI program
Instead of using the server you can you write your own script that performs the check. This can be necessary if you can't use server authentication, but have the ability to run scripts. How such a script looks depends on the languages available to run, for instance Perl.
You can use JavaScript to do the checking. Because scripts must be downloaded to the browser, there is a greater risk that someone can retrieve the passwords. You can improve security by placing the script in a separate file, that is referenced by the SCRIPT tag, using the SRC attribute.

There's another problem with using scripts, and it occurs when the browsers does not support JavaScript, or when the user has disabled support. In that case the check will not be activated at all, and the user will not be able to go to protected page, even if they type in the correct password.

I have two techniques that both use JavaScript:

  1. Combine the userids and passwords to a HTML page name
  2. Store the userids and passwords in the scripts

Back to the FAQ main page

  Copyright © 1996 - 1999 Rob Schlüter,   (last updated 1999/01/03)