For me I think that the weakness of this script is being able to see what files are on the server. You see one called CodingForums.js. You open it - and you have the url of the protected web page. YOu have just circumnavigated this security system. Indeed - u can even see the url of the protected webpage: page.html - on the server. Type this into your browser and there you have the protected web content.
So this brings me to my Q: how can you prevent someone from seeing all the filenames on your server (such that they can then type them into their browser and look at them)? IS this possible?
To repeat for clarity:
Even this really good script is vulnerable to persons looking at your filenames on the server.
Is there anyway that I can prevent persons from discovering the names of all the files on my server? Best,