Skip to content Skip to sidebar Skip to footer
Home / Client / Html / Javascript / Passwords

Is There A Way To Password Protect HTML Pages Without Using A Server Side Language?

Post a Comment
I have a series of interlinked web pages, and I want to restrict access to these pages by asking the user to provide a login and password. However, my hosting account currently doe

Solution 1:

There is no way to create a secure clientside script. If the user has access to it, it's insecure.

If your host is running apache you can secure folders using .htaccess, on IIS you can do the same through directory security.


Solution 2:

Below is a working solution to this problem that uses encryption, which I implemented myself.

A few users here have suggested using an encryption-based approach to client-side password protection. I needed this functionality too, so I implemented it myself. The password is hashed using PBKDF2 and then used to encrypt the page with AES256.

The tool is hosted here:

https://www.maxlaumeister.com/pagecrypt/

with source code available here:

https://github.com/MaxLaumeister/pagecrypt

Description of the project, from the project page:

PageCrypt - Password Protect HTML

This tool lets you securely password-protect an HTML file. Unlike other password-protection tools, this tool:

  1. Has no server-side components (this tool and its password-protected pages run entirely in javascript).

  2. Uses strong encryption, so the password-protection cannot be bypassed.

All you need to do is choose an HTML file and a password, and your page will be password-protected.


Solution 3:

You can create a file .htaccess with something like this :

AuthUserFile path/to/password.txt
AuthGroupFile /dev/null
AuthName "Acces Restreint"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

You then have to create the .htpasswd file.


Solution 4:

It is possible to implement this, although you'd probably find it easier to simply switch to a different hosting provider. Here's how it's possible:

First, encrypt the entire body with a symmetric encryption algorithm and a random key (the master key). Store this ciphertext in a javascript block as text.

For all your users, generate a javascript hash mapping their username onto an encrypted copy of the master key (encrypted with each users key).

Finally, create a web page asking for username and password. Once they're entered, use the username to locate the encrypted master key. Decrypt that with the password the user typed in and use the resulting master key to unlock the original body. Use javascript to replace the existing html body with the decrypted one.


Solution 5:

I don't know about client side scripts but you can use the web server to restrict access to your site.
In IIS you can use "directory security" tab settings: configure IIS Web site authentication


You may like these posts

Post a Comment for "Is There A Way To Password Protect HTML Pages Without Using A Server Side Language?"