Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

P.Bechthold

macrumors newbie
Original poster
Jan 27, 2011
4
0
Hello,

I have an iWeb site I maintain for my portfolio, part of a requirement for my BEd.

One of the pages contains all kinds of reference letters and my resume. I was informed by a professor that I needed to either password it or take it down because it violated FOIP. Rather than go into this with him, I obliged and put a script on the said page that would require a password to allow the page to open. If the password is incorrect it would redirect back to the home page. Here is the snippet:

<SCRIPT language="JavaScript">
<!--hide
var password;
var pass1="XPASSWORDX";
password=prompt('For privacy reasons, please contact XMYEMAIL@EMAIL.COMX to gain access','');
if (password==pass1)
alert('The password is correct. Click OK to continue.');
else
{
alert('Incorrect password');
window.location="http://www.PBechthold.com/";
}
//-->
</SCRIPT>

Of course, XPASSWORDX would be replaced with the real password and XMYEMAIL@EMAIL.COMX with my email address.

I have used a similar script on other pages too because I wanted some privacy. I understand how meager this is and wouldn't even call it security, but I do like the simplicity of implementation and it provides at least one roadblock to anyone out creeping the site.

Here is the problem:

When I start up safari on my mac or sometimes even just new tabs, I have found I get prompted with the password box as if I was trying to access the webpage in question (Resume.PBechthold.com) even when I am just opening gmail or something.

Question 1: If you visit the site and try to get in but cancel, do you have a similar symptom later on?

Question 2: If you get in to the site then leave, are you getting the prompt later as well?

Question 3: How easy is it to find out the password? I am not posting the password here and would request that you do not either if you find out what it is... But I trust it is very easy.

Thanks for all your help!
 
  1. I didn't experience that.
  2. I didn't experience that either, of course I didn't play with it long. I suspect the reason has something to do with you loading Resume_and_References.html into a frame.
  3. I don't need the password. All I have to do is turn off javascript and the browser bypasses your "login" altogether. At that point of course all it would take is a quick "View Source" to get the password.
A javascript login is worse than useless.
 
  1. I didn't experience that.
  2. I didn't experience that either, of course I didn't play with it long. I suspect the reason has something to do with you loading Resume_and_References.html into a frame.
  3. I don't need the password. All I have to do is turn off javascript and the browser bypasses your "login" altogether. At that point of course all it would take is a quick "View Source" to get the password.
A javascript login is worse than useless.


Yup it is pretty useless. Like I said though, it is more meant to be a due diligence bow to FOIP. I originally had all of these sites public until recently (2 years later) someone pointed out it should have some form of password.

I am very much a newbie to web development and I am just looking for the simplest password protection as possible. It also needs to be easy to add back in after publishing with iWeb because I update the pages frequently. Any suggestions?

Thanks for the details about how to bypass it. I find that interesting.

Please post back if you stat experiencing the randomly appearing prompt.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.