I am trying to password protect my whole site (multiple pages) for multiple users. I have used the free javascript provided, but if I type one of the addresses into my browser I can access the pages without the password. Does anybody know how to password protect so none of my pages can be accessed without a password??? Thanks!!

Try signing up to http://www.hostedscripts.com/ They have a really good Password Protection thing. You can add as many users as you want. (I think) So far it worked pretty good for me.

you cannot do what you want with a simple scripting language. see if your service provider offers to host on an SSL server, if you really want security. through SSL you can force passwords and encryption. that is what the banks and other secure sites use.

as noted above you can also find folks to host a page for you if you go through their service. but then you never really know what they are doing with your page or how secure it really is.

You can do:

if (document.referers != "login-page.html") {
self.location.href = "login-page.html";
}

I heard that this only works in Netscape 4.x

if (document.referers != "login-page.html") {
self.location.href = "login-page.html";
}


there is no real security in that. 1) it only works with some browsers and only if javascript is enabled (which can always be turned off), and 2) the page is already in cache so even if you redirect I can still go get it.

I am working on a simular problem where I have a members only area.
The solution I am working on, (without much success yet), is to set a cookie on the initial password page which carries the password, or in your case the username and password. Then on other protected pages simply check for the cookie(s) and process.
If you come up with a solution please let me know. I'll do likewise.
Thanks,
sinhart@hotmail.com

I'm getting that the disable JavaScript option in the browser pretty much puts a limit to what JavaScript can do, but..

If the Javascript "checking logic" were in an external js file does that offer any level of security?

the js file is also already downloaded to the user machine.

if you really want security, reread my first post. if you want to make it a little harder so many people will not bother with it - use some of the tricks discussed. but do noit confuse them with real security.