User-based security

User-based security means forcing the user to login to a web server before any of its documents, scripts or server-side programs can be used. Once the user supplies the correct information, they are trusted to download the web pages. The computer protocol underneath the Web (HTTP) doesn't provide comprehensive support for user logins, so you have to make do with the basics available.

There are three main approaches, none of which require much JavaScript. They are:

use the HTTP authentication system, which requires special web server configuration
use an HTML form that supplies a username and password to a CGI program (or server-side JavaScript) when submitted, and which returns a cookie that can be used to track the user afterwards. If your server-side JavaScript connects to a database, this is the preferred method. Any passwords sent to the server in this manner are exposed to the view of anyone intercepting the message on the way, so it is not a perfect solution.
Server certificates.

These kind of high jinks with the browser are beyond a JavaScript book, so only a few pointers are supplied.

The first two options are described in

http://www.webthing.com/tutorials/login.html

. If you decide to use the latter technique, you will need a method of encrypting the supplied password in your CGI program and possibly in the browser as well. If the CGI program is written in JavaScript, this URL contains an industrial strength example of password encryption, although there are many simpler (and possibly less secure) ways to validate passwords: http://www.mlab.dnj.ynu.ac.jp/~uchiyama/md5java.html
.

The third approach uses the same technology as signed scripts, but otherwise isn't covered here. You require a server certificate instead of an object signing certificate to proceed.