«

Hi all

I like to make a log in page for my customer so each customer will
have there own user name and password and after they enter them user
name and password they will be taken to the different pages.
What is the secure way to do this.
I found some JavaScript to do that but it look very unsecured.

Thanks

steve wrote:

> Hi all
>
> I like to make a log in page for my customer so each customer will
> have there own user name and password and after they enter them user
> name and password they will be taken to the different pages.
> What is the secure way to do this.

In a nutshell:
* Run everything over https so its encrypted
* Have the password sent for every page, either using basic authentication,
or cookies[1]
* Authenticate the password with some process running on the server. The
specifics depend on the features of the server.

[1] Don't depend on one check and then given them an unprotected URI. That
way leads to allowing the password to be bypassed

--
David Dorward http://dorward.me.uk/

> steve wrote:
>
> > Hi all
> >
> > I like to make a log in page for my customer so each customer will
> > have there own user name and password and after they enter them
user
> > name and password they will be taken to the different pages.
> > What is the secure way to do this.
>
> In a nutshell:
> * Run everything over https so its encrypted
> * Have the password sent for every page, either using basic
authentication,
> or cookies[1]
> * Authenticate the password with some process running on the server.
The
> specifics depend on the features of the server.
>
> [1] Don't depend on one check and then given them an unprotected
URI. That
> way leads to allowing the password to be bypassed

How do I protect the page?

steve wrote:
> How do I protect the page?

I explained it here: <bn9mjj$6tf$1$>

Hint: If you need more detail about something, then don't full quote the
reply and follow it with a repeat of the original question.

--
David Dorward http://dorward.me.uk/