usernames and passwords on a site

Ziycon · 07-06-2005 6:04pm #1

i am using javascript at the moment to have multiple users on a site but the usernames and passwords are visible when you go and look at the source code, is there anyway i can still have multiple users and passwords but that they usernmes and passwords are stored in a seperate file or something like that??????????

mneylon · 07-06-2005 6:08pm

If you are using linux you could look into using .htaccess or using php + mysql

seamus · 07-06-2005 6:21pm

Not really with Javascript.

No matter what you do, at the end of the day someone can modify your javascript and input whatever the hell they want. The whole point of Javascript is that it's client-side and cannot access any files on the client side.

Most login systems for websites use a basic form submissions system. User submits a username and password. The server compares this username and password to the same pair stored in a file/database on the server and authenticates duly.

ninebeanrows · 07-06-2005 7:36pm

There are scripts out there that turn your source code into
mumble jumble.. use hotscript.com or dynamicdrive.com

mneylon · 07-06-2005 7:46pm

Weathercheck wrote:

There are scripts out there that turn your source code into
mumble jumble.. use hotscript.com or dynamicdrive.com

That's hardly secure. Obfuscating javascript is only that. It doesn't give any level of security.

Ph3n0m · 07-06-2005 8:18pm

agreed... check with your host and see if they support anything like PHP/CGI or ASP - then look for solution that you can install that meets your needs.

Using javascript - ugh very unprofessional and also very unsecure

rsynnott · 08-06-2005 10:24pm

Actually, there's a horrible but somewhat effective trick that works with javascript, if you absolutely MUST use javascript. Simply place the things you want the user to see in a directory called 'username-password'; then have your script put together the username and password with '-' between them and redirect them to that address. If the username and password are correct, then they'll get in, otherwise they won't. But really, if you're using Apache you should use .htaccess, and if you're using IIS you should use Apache

roastie · 08-06-2005 10:36pm

try using JSP , and JDBC(java database connection) link to a username login DB search through the info then proceed if info is correct .

not sure if this is the best way but i'll be trying to put a site together later on in the year doin this way i think .

Talliesin · 08-06-2005 11:46pm

Of course, never store an unencrypted password. Store a secure hash of the username, password and some site-specific salt, and then compare hashes.

rsynnott · 08-06-2005 11:57pm

roastie wrote:

try using JSP , and JDBC(java database connection) link to a username login DB search through the info then proceed if info is correct .

not sure if this is the best way but i'll be trying to put a site together later on in the year doin this way i think .

If he's got JSP available then he'll have simpler methods as well.

usernames and passwords on a site

Comments