Back in the 1990s and early 2000s, someone created a "clever" way to put static pages behind a password, using a little bit of JavaScript to make it look nice. Essentially, the tool would ask for a password, and then try to load a page containing the password as the name. If found, that page would likely redirect to another page under some "secret" directory. This worked because if no one had any link to the "secret" pages, no one would know they exist or their path. Even though it used JavaScript, the password was stored server-side, with no easy way to brute-force it (other than doing too many HTTP requests). It was better than most (stupid) JavaScript-based password prompts (that could be bypassed by disabling JavaScript or by looking at the source-code). The password ended up in plaintext in both server logs and browser history and anywhere else, because the password was the filename. Remember, this was a time of Geocities and many other free hosting sites. HTTPS usage was very limited, and even "Dynamic HTML" was at its infancy. https://web.archive.org/web/20000823234706/http://www.pagetutor.com/keeper/