Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Apr 2003
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question about password encryption

    Hello, I have a question about javascript password encryption. I found a script online and it works, but the user could easily just type in the url as oppose to entering through the encrypted page.

    For instance... if I put the script on "www.asdf.index.htm" that would direct to the page "www.asdf.welcome.htm" if the user inputs the correct password. But if the user simply new the directed page "www.asdf.welcome.htm", then they could type that in and bypass the script.

    Is there a way to prevent this?

    THanks!

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,922
    Thanks
    203
    Thanked 2,531 Times in 2,509 Posts
    Have a look at

    http://codingforums.com/showthread.p...threadid=10114

    This is the best you are going to get without server side
    authentication.

  • #3
    Regular Coder
    Join Date
    Aug 2002
    Location
    Spain
    Posts
    420
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There's no way to prevent direct access to the page with client-side password protection. You can try to use cookies, and add a script in every page to check if the user has logged or not... but it can be bypassed or produce problems.

    However, if you really need to secure a page, you need server-side authentication
    Don't resist to assimilation. Billions of Borgs can't be wrong!

  • #4
    Regular Coder
    Join Date
    Mar 2003
    Posts
    176
    Thanks
    0
    Thanked 0 Times in 0 Posts
    never tried it ( i suspect borgoise cookie is right), but how how about document referrer? You could always say: "bugger the encrytion...its not worth my while without control of the server"...my advice...nothings secure.
    Last edited by HairyTeeth; 04-07-2003 at 11:50 AM.

  • #5
    New Coder
    Join Date
    Apr 2003
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Philip, Ill check that out. Thx.

    How about this script? http://javascript.internet.com/passw...er.html#source

    Also claimed to be the best you can get....???


    I haven't tried cookies, but my site isn't anything that needs to be secured. I just thought it was a neat addition


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •