How it Works 2

There is also a screen for setting the appearance of the login screen and the contents of the error page that a user will see if he/she accesses a secure page without having logged in. In addition there are several analytic utilities for analyzing the security of a site you build.

Here is how WebBuild Password Security works on a site that has been configured using the WBPS program:

Login

The site contains two JavaScript files, created by the WBPS program, for each password set. The first (passwordsetname.PWD1.js) includes hidden information about each user who is authorized to access secure pages on the site.

The second file (passwordsetname.PwFuncts.js) contains the functions for validating passwords entered by users.

These two files are referenced by the JavaScript code that you copy from the Step 3 screen into your Login page. When a user name and password are entered, the code calls the functions in PwFuncts.js and determines whether the password entered is valid. If a valid user name/password combination was entered, the program writes a cookie on the user's browser indicating that he/she has been authenticated and takes the user to the designated secure page. If unsuccessful, the user is presented with an error message ("Invalid User Name/Password").

Secure Pages

The WBPS program creates two files on the Web site for each password set. The first (passwordsetname.DestVal.js) contains the functions for validating whether the visitor to the page is a user authenticated for the password set. The second (passwordsetname.PwdError.htm) is a HTML page containing an error message.

When a visitor accesses a secure page, a JavaScript program checks that he/she has a cookie indicating a successful login. If the cookie is found, the contents of the page are displayed. If the cookie is not found, the visitor is redirected to the error page.

Security Bulletins and Fixes

More about the Technology

When you run the WebBuild Password Security program, a "Wizard" takes you through a three-step process.

In Step 1 you specify the "application" and "password set" that you want to use. "Application" corresponds to the Web site. "Password sets" are groups of users for a particular purpose. (You might have one password set for customers and another for employees – a customer who logs in would be able to view the pages you have designated for customers, but would not be able to view employee pages).

In Step 2you enter data for each authorized user. This includes the user name, password, and the page that the user will go to upon successful login.

In Step 3 the program creates several JavaScript and HTML files that are automatically written to a subfolder under the folder for the application specified in Step 1. The program also presents you with two sets of HTML and JavaScript code that you should copy and paste to appropriate places on your site:

User Manual

More about WBPS technology . . . .

How it Works

Why You Need
Password Security

WBPS In Action

Free Trial

FAQ's

The code for logging in must be pasted into pages where you give users the opportunity to log in. This code will present a user with fields to enter a user name and password and will validate the information entered. If the user has specified a user name/password combination that you entered in Step 2, he/she will be redirected to the page you specified.

The HTML and JavaScript code for secure pages must be copied from the screen in Step 3 and pasted into the head of all pages that you want to make secure for users in this password set. It performs a test to verify that the visitor to the page has successfully logged in. If he/she has, it enables the user to view the content of the page; if he/she has not, it redirects him/her to the error page you configured in Step 3.

Demonstration

Overview