Preserved Topic: Best way of doing a multiple user login page (Page 1 of 1)

Well, since I have been told that the way I was doing it would make it so anybody who can read source code be able to see the passwords, and I can't encrypt it, how can I do it so that I can have a fairly secure login page, with multiple users, that doesn't require CGI?

^_^

.htaccess may be able to do this.

In the future, please reply to the current thread rather than starting a new thread on the same topic.

Sorry, I think I hit the wrong button, I thought I was replying. is htaccess a user?

^_^

Nope, it's a file on the server which specifies some ways that the server should respond to certain things. I asked a question in server-side scripting about it, and some people gave some helpful links...

Here is a tutorial that I did on .htaccess... http://www.gurusnetwork.com/tutorials/misc/htaccess.html

you can still make a multiple login page via JS, and it can be fairly secure, check this page out:
http://members.iinet.net.au/~biab/login.htm

I am doing some webdesign at the moment, but I don't know much about security. I have a page with a self-made login thing and it is given to ASP. http://www.ncs-dos.org/symposium/view.htm
The script runs on the server so I thought that I must be save. Is this correct?

Sort of. It's not a secure connection, so someone could find the password as someone sent it via HTTP. But it'll stop average people.

Don't get it. 'someone could find the password as someone sent it via HTTP'?
Can you explain that? Do you mean that somebody can intercept a request for access?

Liluth, yep...unsecure connection can be easily dumped and analyzed...

try it locally:
get EtherPeek from http://www.wildpackets.com/products/etherpeek

and then start it and record while you login to your unsecure page,
you'll see all the variables that passed from your client browser...

Thanx a lot