----------------------------------------
PASSWORD SCRIPT
------------------
If a visitor wants to go the the password protected page, they must first enter the correct password on the previous page. (Note: The password is the protected filename without the .html ending.)
This method is secure as long as the person cannot find out the name of all the files on your server. Is it possible to stop them knowing the names of all the files on my server?
---------------------------------------

<BODY>

<SCRIPT LANGUAGE="JavaScript">
var password = ''
password=prompt('Please enter your password:','');
if (password!= null) {
location.href= password + ".html";
}
</SCRIPT>

</BODY>

So my question is:

Is it possible for a website viewer to see all the filenames on my server? Perhaps to bring up some kind of index to see all the files on my server?

If so they would be able to crack this password system. Tragedy!

By the way - I know that server side is the way to go for security - but just humour me. I am trying to do it with javascript.

Would really appreciate some advice. Thanks guys.