View Full Version : Using Javascript for moderate security .js included

05-29-2006, 02:14 AM
Hello, and help!

What I'm trying to do is put my favorites online so that I can access them from any computer. A friend of mine does this, but he's just relying on it not being bookmarked by anyone and not having his email and being in an obscure directory on his website. I'd like to take it a bit further for myself.

I had considered that the file would be something simple like f.html. f.html would get user input, from me, as a "password". However, the code would not validate the proper password (readable by a smart person) but the password would instead be a directory name. The javascript in f.html would then concatenate the variable received into a string that would be the name of the .js file to include (stuck out in some obscure directory). The included file would then proceed to write all the links.

I've only done enough reading to be dangerous, having just bought a couple of books yesterday.

Sooooo.... is my paradigm feasible? Will it work? Am I overlooking something obvious?


05-29-2006, 03:46 AM
AFAIK, people call that a "gateway" technique (the password IS the file you're trying to load). As long as you don't allow a directory listing, and assuming that the server is properly configured, then there isn't so much of a problem. It also has the advantage that changing your password simply involves renaming a file, although once you enter the password, the filename will appear in the cache, history, whatever, so that is a potential weakness in the scheme.

05-29-2006, 04:31 AM
Thanks, Jason!!!