Simplest form of security to protect a page

I'm working on a site whereby a customer needs to input a given "code" in order to access a website. I.e. when the customer hits the site they are prompted to enter a very simple code which will let them access the rest of the site. Now I'm not a great programmer as such (my skills limited to HTML, CSS and JSP). The site is only going to be accessed by your average 'Joe Bloggs' (but of course it would be naive of me to think that other, more 'tech-savvy' won't be able to access the site - there is nothing 'sensitive' that they would know even if they did access it).

I'm using a crappy CMS (TeamSite) and have built the site in HTML and CSS so far. What is the simplest form of 'security' (and I use the term loosely) that I could implement to allow customer access to the rest of the site? I assume that I could just do a crappy function in JSP that would say:

`if input = 'this' then take customer here` 

but I realise that this is very poor. Now the site is only going to be accessible by a few 100 people as it's just a pilot scheme. If this were to become 'bigger' we would of course look at something more robust (in terms of security) but I need an interim solution. I could of course just include the JS in the <head> file and I realise this is incredibly daft but again, this site isn't intended for tech savvy users...I just want to be able to hide the "code" from your everyday user, judging by what I've said abov开发者_如何学Pythone users that View the source code would be able to access the code...

I would appreciate your thoughts and thanks in advance.

Hmm, if you want to implement anything with javascript/html/css its all going to be readable by anyone.

I would however suggest using a .htaccess file, there's even a nifty generator here: http://tools.dynamicdrive.com/password/

PHP would be an obvious choice however...

I'd use a scheme like this pseudocode. Let hash be some cryptographic hash function. Assume '0123456789abcdef' is the hash of the hash of your chosen password.

if ('0123456789abcdef' == hash(hash(input))) {
    HttpRedirect(hash(input) + '.html')
}

This requires you to name your destination file as the hash of the password, but it's about the best you can do without more control over the web server.

If JavaScript is executed by a browser, the user can get to that JavaScript to view it. End of story. You can open up Gmail right now and view every single bit of JS they use. JavaScript runs uncompilled on the user's machine and is right there. Hell, if you View Source in Firefox, script tags are CLICKABLE like hyperlinks. They'll load up the script in the View Source window!

Only workaround to discourage non-savy users from getting to the pass phrase is to put all the login logic in a separate JS file ("login.js" or something), and then your template has a JS statement like:

document.write("<script type='text/javascript' src='login.js'></script>")

At least that way, the user won't see the login code if they do "View Source", they'll just see the above line. A developer would know to put "login.js" in the address bar and see what comes down, but a noob just looking to f*** around will probably miss it.

If you're looking for a simple solution I would take a look at Basic authentication. You will need to configure it at the webserver level but it's a quick and easy solution for basic security.

This really is kind of poor. While you could do this, if you had no other options. I would at least recommend linking to an external JS file. That way at least your authentication mechanism isn't directly viewable in the source of the page. For a purelys javascript, HTML only implementation that would probably be your best result. It would be well worth it to have some type of DB associated with HTTPS.