...

View Full Version : Question about password encryption



TygGer
04-07-2003, 03:43 AM
Hello, I have a question about javascript password encryption. I found a script online and it works, but the user could easily just type in the url as oppose to entering through the encrypted page.

For instance... if I put the script on "www.asdf.index.htm" that would direct to the page "www.asdf.welcome.htm" if the user inputs the correct password. But if the user simply new the directed page "www.asdf.welcome.htm", then they could type that in and bypass the script.

Is there a way to prevent this?

THanks!

Philip M
04-07-2003, 08:05 AM
Have a look at

http://codingforums.com/showthread.php?s=&threadid=10114

This is the best you are going to get without server side
authentication.

Borgtex
04-07-2003, 11:48 AM
There's no way to prevent direct access to the page with client-side password protection. You can try to use cookies, and add a script in every page to check if the user has logged or not... but it can be bypassed or produce problems.

However, if you really need to secure a page, you need server-side authentication

HairyTeeth
04-07-2003, 12:46 PM
never tried it ( i suspect borgoise cookie is right), but how how about document referrer? You could always say: "bugger the encrytion...its not worth my while without control of the server"...my advice...nothings secure.

TygGer
04-08-2003, 05:50 PM
Philip, Ill check that out. Thx.

How about this script? http://javascript.internet.com/passwords/login-coder.html#source

Also claimed to be the best you can get....???


I haven't tried cookies, but my site isn't anything that needs to be secured. I just thought it was a neat addition :)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum