javascript security authentication

Can a client-side login be safe?


Could a client-side login to some page, e.g. example.html, be made safe through use of hashing etc.? I am asking mostly out of curiosity, but there might be some use-cases for things like a CMS for GitHub Pages or any arbitrary serverless application that resides inside the browser but needs a way to authenticate a user.

For example, if you have a file x.txt where a salted hash of the password is stored and you compare the input of the password with it, you would have decent security in itself, if the password is strong enough of course. But since some dude with bad intentions could just remove your JavaScript, it would be worthless since the authentication can just be bypassed.

What I thought of would be to store a cookie with the password hash and only display sites where no login is needed. If one is needed, just display blank. Yet again, JS could just be removed and it is therefore useless.


Solution

  • But since some dude with bad intentions could just remove your JavaScript, it would be worthless since the authentication can just be bypassed

    Exactly. If the hidden information is already on the client, a malicious user can programmatically bypass the logic to access it.

    To fix this, you would need to store hidden information on a server, where it requires a certain credential to access it.

    The simplest way around this, without hosting your own server (AFAIK), is Firebase Authentication. Place your hidden stuff on Firebase and leverage their authentication (Sign in with Google).
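
The difference between the two designs discussed above, as an added Node.js example that is not part of the original question or answer: it compares what an unauthenticated visitor actually receives when the check runs in the page versus on a server. All names, the salt, the password and the protected text are constructed for illustration, and the "server" is a plain function standing in for any backend.

```javascript
const crypto = require('node:crypto');

// Constructed sample values, for illustration only.
const SECRET = 'draft: unpublished post';
const SALT = Buffer.from('constructed-salt');
const hashPw = (pw) => crypto.scryptSync(String(pw), SALT, 32);
const STORED_HASH = hashPw('correct horse battery staple');

// Design 1, client-side gate: the static host serves this whole payload to
// every visitor before any password is typed. clientLogin() only decides what
// the page displays; the salted hash and the content are already delivered.
function clientPayload() {
  return JSON.stringify({ storedHash: STORED_HASH.toString('hex'), secret: SECRET });
}
function clientLogin(payload, pw) {
  const page = JSON.parse(payload);
  return hashPw(pw).toString('hex') === page.storedHash ? page.secret : null;
}

// Design 2, server-side gate: hash and secret stay in server memory, and the
// response body depends on the outcome of the credential check.
function serverResponse(request) {
  const ok = crypto.timingSafeEqual(hashPw(request.password ?? ''), STORED_HASH);
  return JSON.stringify(ok ? { status: 200, body: SECRET } : { status: 401, body: null });
}

// Defender's check: do the bytes sent to a visitor contain the protected content?
const leaksSecret = (bytesSent) => bytesSent.includes(SECRET);

console.log('client gate, shown for wrong password:', clientLogin(clientPayload(), 'guess'));
console.log('client gate, secret in payload:', leaksSecret(clientPayload()));
console.log('server gate, secret in 401 response:', leaksSecret(serverResponse({ password: 'guess' })));
```

The client-side login hides the content on screen for a wrong password, yet the payload check shows it was delivered anyway; only the server-side design keeps it out of the response.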