User-based security

User-based security means forcing the user to log in to a web server before any of its documents, scripts or server-side programs can be used. Once the user supplies the correct information, they are trusted to download the web pages. The protocol underneath the Web (HTTP) doesn't provide comprehensive support for user logins, so you have to make do with the basics available.

There are three main approaches, none of which require much JavaScript. They are:

These kinds of high jinks with the browser are beyond a JavaScript book, so only a few pointers are supplied.

The first two options are described in http://www.webthing.com/tutorials/login.html. If you decide to use the latter technique, you will need a method of encrypting the supplied password in your CGI program and possibly in the browser as well. If the CGI program is written in JavaScript, this URL contains an industrial strength example of password encryption, although there are many simpler (and possibly less secure) ways to validate passwords: http://www.mlab.dnj.ynu.ac.jp/~uchiyama/md5java.html.
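As an added example (not code from the book or from either linked page), here is one way a server-side JavaScript program can validate a supplied password against a stored record. It assumes Node.js and its built-in `crypto` module, and it swaps in a salted scrypt derivation with a constant-time comparison instead of a bare digest; the function names and the record format are hypothetical.

```javascript
// Added example: hashPassword, verifyPassword and the record format are
// hypothetical names chosen for illustration.
const crypto = require('node:crypto');

const KEYLEN = 32;                        // bytes of derived key
const PARAMS = { N: 16384, r: 8, p: 1 };  // scrypt cost parameters

// Build the record "scrypt$<salt hex>$<key hex>" to store for a user.
// The plain-text password itself is never stored.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);    // fresh random salt per user
  const key = crypto.scryptSync(password, salt, KEYLEN, PARAMS);
  return `scrypt$${salt.toString('hex')}$${key.toString('hex')}`;
}

// Return true only if the supplied password matches the stored record.
// Malformed records are rejected instead of throwing, so a corrupt
// password file cannot crash the login handler.
function verifyPassword(password, record) {
  if (typeof password !== 'string' || typeof record !== 'string') return false;
  const parts = record.split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  if (!/^[0-9a-f]{32}$/.test(parts[1])) return false;  // 16-byte salt
  if (!/^[0-9a-f]{64}$/.test(parts[2])) return false;  // 32-byte key
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  const actual = crypto.scryptSync(password, salt, KEYLEN, PARAMS);
  // Constant-time comparison avoids leaking how many bytes matched.
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample data: a record for a made-up password.
const sampleRecord = hashPassword('correct horse battery');
console.log(verifyPassword('correct horse battery', sampleRecord));
console.log(verifyPassword('wrong guess', sampleRecord));
```

Because each record carries its own salt, two users with the same password get different stored values.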

The third approach uses the same technology as signed scripts, but otherwise isn't covered here. You require a server certificate instead of an object signing certificate to proceed.

© 1997 by Wrox Press. All rights reserved.