Menu
I have a static website that I want to protect with a username and/or password like apache's htaccess does but I don't want to host an apache server for it to work. How can I achieve this without frontend javascript?
The closest I've come using frontend JS (too insecure because source is visible):
<!DOCTYPE html>
<html lang="en">
<script>
var password = "password";
(function promptPass() {
var psw = prompt("Enter your Password");
while (psw !== password) {
alert("Incorrect Password");
return promptPass();
}
}());
alert('Correct Password\nWelcome!');
</script>
<body align="center">
<h1>Password Protected Site</h1>
<!-- Other page elements -->
</body>
</html>
484
asked Oct 30 '25 03:10
By default security has to be done on the backend (as already stated by others).
But one thing came to my mind to do some security on the frontend:
Use some JavaScript to request a passwort from the user and use this password for decrypting some encrypted string already available within the delivered page and replace the body's content with the decrypted data. There should be some libraries available for encrypting/decrypting data using JavaScript.
97
answered Nov 01 '25 17:11
As far as I know, anything that goes to frontend will always be visible. so to password protect a static html page you should password protect the file itself or you should prompt for a password from the page where this page is redirected.
41
answered Nov 01 '25 18:11
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With