How can I get a prompt to display as a password type Example

password=window.prompt("Enter Password");

I want what they enter to come up in asterics.

you can't. sorry.

what about with a VB script????? is it possible:confused:

you can use a <input type="password"> in the html, and, if you come in confilict with the source being read and then having the password revieled (if your not using a server based password script), you can encript it with a programm or script. Ill give you one if you need it

I would greatly apprecitate it if you could do that for me. Thanx

It won't work. I've been there and done that... the only halfway secure way to use a password in javascript is to have people type in a string and make that a link to a page you don't have any links to on your website, and make it something that's not easy to guess.

If you want to do any better than that, you have to use a server-side language. :)

I have a brute force crack for one of the "encrypted password script" javascripts, and any of them can be broken that way rather quickly that I've seen. After all, all you have to do is reproduce the method in which the password was created, using the "encryption" script itself. You'll get it eventually - and the really funny thing is, I couldn't find ANY sites that used them except for "javascript example" sites. Otherwise I would have emailed them letting them know their site was not secure. ;)

And you cannot encrypt client-side source code except for escaping it with javascript, which is easily figured out by anyone that knows javascript.... i.e. unescape(string).

:)

If you looked at my earlier post, all I want to do is star out what the user enters into a prompt. I am using this for a confirm on a profile change page. So when the user hits save the prompt pops up asking for their password. It checks to make sure it matches than it continues on. I just don't like the idea of anyone looking over their shoulder can see.

you can include the password field in the profile form that you are using.


<form name="profile" ...>

<!--fields here-->


<p>To change profile, you need to enter your password below:<br>
<input type="password" name="txtPW">
</p>
<p><input type="submit" name="btnSave" value="Save"></p>
</form>

then, whatever server-side language you are using, check the password before saving the data.

Yes I know that.. thanx ne ways.. lol... it was just something I was trying to do.

you can use a more secure methode that encripts the source and password so that in order to decript it you need the passwod
and inorder to decript this methode can take many many hours if the password is long enough

Hmm... apparently you didn't read my earlier post. :)

Anyway, unfortunately you can't change a prompt to use asterisks (as you can in a password input box).

I have made methods to make passwords protection in javascript that encripts the source of the page using a formula with a password, and then to decript it you need the correct password for the fomula to work, if you use an incorrect password, you get a bunch of nonsense thats the result of decripting the page with a different pattern or password. If the password is long enough such as lets say 10 characters to break it would require, with a 1.5ghz processor would take aproxametly 645655788.4681 days!! (found by trying to decrack a 3 digit password, and timing it and then using it perportionaly to 9292(the amount of chars on the keyboard (not ancii)) ^10
the formula:
(((92^10)/(92/3)) * (time it took for 92^3))/ (60*60*24)

(although on a cray computer it would take MUCH less time)
and server side passwords are still safer because a script can block ip's and put big delays in between passwords to make it even more secure

(note* your completly right about all other methodes such as unescape and simple password examples)

If you have gone to that much trouble encrypting passwords to use client-side, I just don't understand why you wouldn't just use a server-side language instead.

...but which script will be easier to write? One that takes you 5 minutes using ASP or PHP, or one that you work on for who knows how long in javascript that will likely never be used (except by you)? And is still less secure?

Not to mention - do you really want to take the time to encrypt every user's username and password, and then hard-code them into your webpage? I personally don't have time for that. :)

If you were using a database and a server-side scripting language, nothing is in the source code, and there is nothing for the would-be hacker to give him a clue to start with. That doesn't mean it can't be hacked (by a professional), that's why good websites don't store credit card information on their servers; but a javascript is just a sitting duck, no matter how "complex".

:D

your very true :D but lets say that if your server is one of those cheesy ones that does not let you do any server side scripting and you still want to make a secure password protected page, (and .... it will only work with ONE password, wich is even more sucky but better than nothing!):)

edit:
ps I dont know any server side languages :( , I just recently got a server that will let me put server side languages on it

In that case, take my posts as a hint. ;)

I wouldn't ever use a host that doesn't support a server-side scripting language, unless it's my sister's site and she has no data to keep track of. :)

I'd look up PHP and ASP if I were you - neither one of them are too challenging (although I still haven't had time to learn PHP thoroughly, since I work as an ASP web developer, and have somewhat limited time).

It might be a little challenging at first, but it sounds like you're up to the challenge. If you're running a windows system you can go to:

http://www.webmonkey.com/authoring

and click on "backend programming" link, and take some of the tutorials there.

The thing is, once you learn this stuff, with databases, you'll be like "gee whiz, client-side scripting is great, but it is very limited!"

Javascript is still a must-know language though. :)

Thanks for the recomendation, I would really like to learn server side languages. I should because of some things that I would really like to make more interative and stuff, so I dont have to have cheesy email form things that just send emails that make me do lots of manual work.
Ps have you ever heard of server side Javascript?? is that any good?

Well, you can use javascript (as JScript (or even JavaScript in ASP), but it's the same thing) server-side with ASP and ASP.NET. And actually PHP has very similar syntax, since both PHP and JavaScript are similar to C or C++ type syntax.

The thing is, if you understand basic programming logic (in any language, like if/then for/next, etc.), then most of what you have to learn is just relational databases, which isn't any harder, it will just empower you further.

All databases will do in the long run is make your life simpler, since that's what they are designed to do! :)

If you want to get a basic handle on it, check out:

http://hotwired.lycos.com/webmonkey/backend/databases/

You will NOT be sorry if you really apply yourself to this. Learning this stuff has honestly changed my life, and I still have a lot to learn, but I have a pretty good handle on it.

You could even call it a "rags to riches" story... consider the difference between "gee, I wish I could get a new computer" to "Gee, I think I need a new computer, I should look up all of the best hardware and order the parts to build my system since I can buy whatever I want, and now which party should I go to Saturday?". :D