Web design: What are my options for adding a password system to a site?
July 26, 2013 10:00 AM   Subscribe

Hi, I've recently completed web design courses in HTML and JavaScript with O'Reilly School of Technology. The courses were good but the main feature I'd like to add to my website is a password system. .

Ideally, I'd like to be able to offer unique passwords for each user. What content a user can see would be determined by privledges that I could also customise for them.

Is there a straightforward way to do this using a public domain code library? Are there any security implications?

Many thanks for any help with this
posted by Musashi Daryl to Computers & Internet (5 answers total) 5 users marked this as a favorite
What web server are you using and what, if any, technology are you using for server-side code? That's going to be a significant factor. Apache and PHP hosted on Linux is going to very different than IIS and ASP.Net on Windows...
posted by ElDiabloConQueso at 10:10 AM on July 26, 2013

Every blogging platform/content management system (i.e., wordpress, drupal, etc) comes with this functionality.
posted by tylerkaraszewski at 10:15 AM on July 26, 2013 [1 favorite]

If you have a small number of users that won't change and you really aren't securing anything too terribly important, but want to make sure Bob doesn't access Susan's stuff, you can secure directories with htpasswd.

If you need a real system and don't want to do too much heavy lifting yourself, pick a CMS like WordPress, Drupal, or and use it to deliver your HTML, CSS, and JS.

If you want to roll your own, you could use Mozilla Persona or openid. There are tutorials and libraries available for them.

posted by jsturgill at 11:06 AM on July 26, 2013 [1 favorite]

HTML and Javascript are both client-side technologies. You won't be able to build your own password system using just these. What you need to look into is server-side technologies and the general web request-response cycle. And yes, there are major security implications so you'll be better off using a third party platform to connect to, as suggested above.

Alternatively, you could look into meteor. They provide a lot of the wiring for you, so you could get away with just JavaScript.
posted by rada at 2:03 PM on July 26, 2013

Seconding Mozilla Persona. You can rely on them to do the hard/server/crypto parts, and mostly avoid doing anything on the server side exception the assertion check step.
posted by migurski at 1:18 AM on July 27, 2013

« Older Technology aids to help grandma get more out of...   |   Possible careers for an extrovert who is good with... Newer »
This thread is closed to new comments.