password using cgi

Hello,
I want to password protect a page on my site .
Thought cgi would be a better choice than javascript .
I have a javascript that displays one url if the password is right and another when it is wrong .
The problem is that the password is written in the page code and by any chance if the person gets there then they know it .

Is there a CGI utility that does the same ?

Thanks
regards
jeet

 

Well, a secure JavaScript login is possible, though not very practical.

A CGI script could be used as a kind of gateway to files on your site, but this might become inconvienent to manage.

If you're running on Apache then it would probably be easiest to use the server's own features.
http://httpd.apache.org/docs/2.0/howto/auth.html

 

hi,
It's only one page I need to add a password to .
Even I won't prefer javascript .
In the cgi script , I can change the password almost daily so even if someone "redistributes" the password then it won't work .

What I was thinking of is
Case 1 -
If the password is right then the user is redirected to another page else cancel page .

Case 2
if the password is right then the page is written using cgi else an error message is displayed.

Is there a script available like this one ?
Thanks
jeet

 

script could be used as a kind of gateway to files on your site

 

That's the basic idea, and there's really not much to it. At least, this side of things. What programming language are you using?

I have a PHP example that was written with quite a few extra requirements. I'd be happy to share it, but it's probably way more complicated than you want, and it leaves out one of your major requirements. It just prints "yes" or "no," depending on whether the password was legal and it wasn't just a page refresh.

Here are a couple of points to keep in mind:

You *can* do javascript validation if you want to make it more convenient (i.e. faster) for the user. Don't put the password into the actual page. When you generate the page server side, put in the MD5 of the password. Then use something like this md5 javascript on the client to check the password they entered.

That's a nice touch, and not much trouble. But you never trust client-side validation. So you have to verify the password again on the server. Remember, if it's for something important, use HTTPS.

If you're using PHP server side, the code looks something like this:

<?php
if($_POST['password'] == $password) {
?>
<!-- Redirect to the page they just logged into. The actual syntax for this has slipped my mind, and I'm way too tired to go look it up just now. Just send an HTTP redirect header -->
<?php
}
else {
?>
<!-- Redirect back to the login page--same as above -->
<?php
}
?>

Do this before you send any text. Redirects only work while you're sending headers.

Regards,
James