I have designed a web site, the entry for which, is password controlled. Howver I have found two weaknesses.

First
If someone genuinally enters the web site, using the password, and then saves the url e.g. www.domain.com/second-page.html e.g. in their favourites they can access the web site directly. I really want them to log in properly EACH time.

Second

The website has around 300 pages and has been optimised. Therefore most of the web pages can be found in the likes og Google etc by typing in a search term. The page of course then shows and people click on it and enter the web site without using the password. To access that singular page is not a concern, however I want to stop them proceeding to examine other pages by use of the menu.

I am relatively new to JavaScript and am struggling to find any assistance in books etc. It is as though this problem has never been encoutered before. I am sure that is not true.

Any asssistance would be greatly appreciated.

Regards

Cheyanne

: I have designed a web site, the entry for which, is password
: controlled. Howver I have found two weaknesses.
:
: First
: If someone genuinally enters the web site, using the password, and
: then saves the url e.g. www.domain.com/second-page.html e.g. in
: their favourites they can access the web site directly. I really
: want them to log in properly EACH time.
:
: Second
:
: The website has around 300 pages and has been optimised. Therefore
: most of the web pages can be found in the likes og Google etc by
: typing in a search term. The page of course then shows and people
: click on it and enter the web site without using the password. To
: access that singular page is not a concern, however I want to stop
: them proceeding to examine other pages by use of the menu.
:
: I am relatively new to JavaScript and am struggling to find any
: assistance in books etc. It is as though this problem has never been
: encoutered before. I am sure that is not true.
:
: Any asssistance would be greatly appreciated.
:
: Regards
:
: Cheyanne
:
This problem cannot be solved by using client-side javascript. You need to use some kind of server-side scripting, like php/cgi/jsp/asp.

: : I have designed a web site, the entry for which, is password
: : controlled. Howver I have found two weaknesses.
: :
: : First
: : If someone genuinally enters the web site, using the password, and
: : then saves the url e.g. www.domain.com/second-page.html e.g. in
: : their favourites they can access the web site directly. I really
: : want them to log in properly EACH time.
: :
: : Second
: :
: : The website has around 300 pages and has been optimised. Therefore
: : most of the web pages can be found in the likes og Google etc by
: : typing in a search term. The page of course then shows and people
: : click on it and enter the web site without using the password. To
: : access that singular page is not a concern, however I want to stop
: : them proceeding to examine other pages by use of the menu.
: :
: : I am relatively new to JavaScript and am struggling to find any
: : assistance in books etc. It is as though this problem has never been
: : encoutered before. I am sure that is not true.
: :
: : Any asssistance would be greatly appreciated.
: :
: : Regards
: :
: : Cheyanne
: :
: This problem cannot be solved by using client-side javascript. You
: need to use some kind of server-side scripting, like php/cgi/jsp/asp.

Another problem you may run into is when the search engines visit your site to re-index. When you password protect your pages, it may prevent the SE's from including your pages and then the pages might get dropped from the SE.

When dealing with your webpage, there are two kinds of programming: server-side and client-side.

Client-side code is executed on the client's computer. Javascript is client-side. When the page is loaded on the user's computer, the javascript is interpreted by their browser (IE, Firefox, Safari, etc) and executed.

Server-side code is executed on the server. When the user's browser requests a page, the page request is sent to the server. The server then executes any code associated with that page (as well as code associated with the website, etc), and returns a stream of HTML which the user's browser interprets as a "web page".

When the user's browser sends a request to the server, it sends other information, including any cookies (small files of information set by the website) or form values. Using server-side code, you can use cookies, form values, querystrings, etc, to keep track of individual users, their logged in status, their logged in level (or, which pages they are allowed to access), etc.

There are several server-side languages to choose from depending on your server's operating system. If you are using a linux or unix system, php and perl are popular choices. If you are using Windows, php is still an option, but I would recommend you get Microsoft's asp.net. They have recently begun providing a free version which can handle most basic scenarios, including password protected sites.

The next step would be to look into getting a database server to store all those usernames and passwords... :)

-cyb

Hi Cyb

Many thanks for taking the time to reply. The solutions are clearly not as simple as I had hoped for.

Regards

Cheyanne


: When dealing with your webpage, there are two kinds of programming:
: server-side and client-side.
:
: Client-side code is executed on the client's computer. Javascript is
: client-side. When the page is loaded on the user's computer, the
: javascript is interpreted by their browser (IE, Firefox, Safari,
: etc) and executed.
:
: Server-side code is executed on the server. When the user's browser
: requests a page, the page request is sent to the server. The server
: then executes any code associated with that page (as well as code
: associated with the website, etc), and returns a stream of HTML
: which the user's browser interprets as a "web page".
:
: When the user's browser sends a request to the server, it sends
: other information, including any cookies (small files of information
: set by the website) or form values. Using server-side code, you can
: use cookies, form values, querystrings, etc, to keep track of
: individual users, their logged in status, their logged in level (or,
: which pages they are allowed to access), etc.
:
: There are several server-side languages to choose from depending on
: your server's operating system. If you are using a linux or unix
: system, php and perl are popular choices. If you are using Windows,
: php is still an option, but I would recommend you get Microsoft's
: asp.net. They have recently begun providing a free version which can
: handle most basic scenarios, including password protected sites.
:
: The next step would be to look into getting a database server to
: store all those usernames and passwords... :)
:
: -cyb
:

: Hi Cyb
:
: Many thanks for taking the time to reply. The solutions are clearly
: not as simple as I had hoped for.
:
: Regards
:
: Cheyanne
:
:
: : When dealing with your webpage, there are two kinds of programming:
: : server-side and client-side.
: :
: : Client-side code is executed on the client's computer. Javascript is
: : client-side. When the page is loaded on the user's computer, the
: : javascript is interpreted by their browser (IE, Firefox, Safari,
: : etc) and executed.
: :
: : Server-side code is executed on the server. When the user's browser
: : requests a page, the page request is sent to the server. The server
: : then executes any code associated with that page (as well as code
: : associated with the website, etc), and returns a stream of HTML
: : which the user's browser interprets as a "web page".
: :
: : When the user's browser sends a request to the server, it sends
: : other information, including any cookies (small files of information
: : set by the website) or form values. Using server-side code, you can
: : use cookies, form values, querystrings, etc, to keep track of
: : individual users, their logged in status, their logged in level (or,
: : which pages they are allowed to access), etc.
: :
: : There are several server-side languages to choose from depending on
: : your server's operating system. If you are using a linux or unix
: : system, php and perl are popular choices. If you are using Windows,
: : php is still an option, but I would recommend you get Microsoft's
: : asp.net. They have recently begun providing a free version which can
: : handle most basic scenarios, including password protected sites.
: :
: : The next step would be to look into getting a database server to
: : store all those usernames and passwords... :)
: :
: : -cyb
: :
:
:

This is a good example of audience. Here is a list of universal, industry-standard codes: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

You may want to get with your administrator or provider about
how these techniques may be applied. Redirects are mentioned
several time, yet not a hint of authentication. 404 are
the most regularly achieved responses behind 200

Use "robots" HTML meta-tags or a "robots.txt" text file to hide pages from web crawlers. And, if your server permits it, use a .htaccess file to block certain pages / directories.