User-based security means forcing the user to login to a web server before any of its documents, scripts or server-side programs can be used. Once the user supplies the correct information, they are trusted to download the web pages. The computer protocol underneath the Web (HTTP) doesn't provide comprehensive support for user logins, so you have to make do with the basics available.
There are three main approaches, none of which require much JavaScript. They are:
These kind of high jinks with the browser are beyond a JavaScript book, so only a few pointers are supplied.
The first two options are described in
. If you decide to use the latter technique, you will need a method of encrypting the supplied password in your CGI program and possibly in the browser as well. If the CGI program is written in JavaScript, this URL contains an industrial strength example of password encryption, although there are many simpler (and possibly less secure) ways to validate passwords: http://www.webthing.com/tutorials/login.html
.http://www.mlab.dnj.ynu.ac.jp/~uchiyama/md5java.html
The third approach uses the same technology as signed scripts, but otherwise isn't covered here. You require a server certificate instead of an object signing certificate to proceed.