How it Works
When the WBPS program starts, you are prompted to enter information about your users, their passwords, secure pages, error pages, etc. After you have entered the required information, the program produces several JavaScript and HTML files, which are located in a subfolder under your main Web site's folder. The program also produces two sets of HTML and Javascript code, which you must copy and paste into your login page and the pages you want to secure.
When completed, your site will consist of one or more pages where a user can login and one or more secure pages that can only be viewed by a visitor who has successfully logged in. Once a user has logged in, he/she will be directed to the secure page that you designate.
When a visitor accesses amy secure page on your site, logic in the page checks to ensure that he/she is an authorized user. If the user has successfully logged in, he or she will be able to see the page's contents:
A visitor who has not successfully logged in, however, and who tries to access a secure page will not see the page's contents. Instead, he or she will be redirected to a page that contains an error message:
WebBuild Password Security utilizes state-of-the-art technology for using passwords to keep Web pages secure from the general public. As of this date there are no documented cases of this technology being breached in any way. It is remotely possible that a dedicated hacker with limitless resources might someday penetrate sites that use WBPS. It is more likely, however, that unauthorized users might gain access to a secure site by taking advantage of poor security practices, like someone taping his/her user name and password to a computer terminal on a "sticky note". Consequently, we do not recommend that you use WBPS to protect critical data. Do not use WBPS, for example, for trade secrets, customers' credit card numbers, social security numbers, patients' medical information, or other highly-sensitive, confidential, or private data. (For more information about good security practices to minimize the risk that an unauthorized persion might penetrate your site's security, click here).
|
|
