Ok, this a “slap me on the forehead thing”. This is probably the worst possible way to secure a web site. It’s one step from NOT securing it at all. I can’t believe I’m writing this, because it’s painful to know that companies do this sort of thing:
if (username == "client1" && password == "client1") { window.location = "http://www.blah.com/client1/"; }
if (username == "client2" && password == "client2") { window.location = "http://www.blah.com/client2/"; }
This should be obvious now, and the only reason I’m mentioning it is because I’ve seen this type of “security” in the wild. If I were a potential client, I’d be afraid.
So please… never, EVER rely on Javascript to secure your site. Especially if you want clients to take you seriously.