Printable View
I haven't access to a server at the moment, and I am planning to create another web page. However, I want to create some security as an experiment (just to say that I did it). I want to know what your opinions are on using a Java applet versus JavaScript. I know that applets can be blocked, and that script can be read from the source code. Any suggestions or insight would be helpful.
In terms of security, there are a number of vulnerabilities that exist for both OOP languages. What sort of audience will be viewing your site? A lot of corporate security policies turn both Java and Javascript off for security reasons.
I guess depending on what you are planning on doing with it Java may have more flexibility, whereas Javascript can be learned and utilized over a weekend.
In terms of compatibility, Java may be cross platform but some applications are very sensitive to the version of the JRE that has been installed and in some cases installing a newer JRE will break older Java applets. Javascript (the Mozilla kind) is widely supported by the latest Mozzilla, IE and Opera browsers.
hmmm, interesting....
my audience is whoever wants to view the site by the way, as the security is just for fun
You don't need access to a server to test client side applications ;) Just build your app and drag and drop the html into your browser. Client side authentication or security is an oxymoron. Java applets are harder to tweak and such in comparison to javascript, but they both suck. Applets are also easily reverse engineered.Quote:
Originally posted here by Spekter1080
I haven't access to a server at the moment, and I am planning to create another web page. However, I want to create some security as an experiment (just to say that I did it). I want to know what your opinions are on using a Java applet versus JavaScript. I know that applets can be blocked, and that script can be read from the source code. Any suggestions or insight would be helpful.
Use a server side script for this. :)
He wants to create “some security just for fun”. – HAHA
Just an idea..
Any authenthification should be done on the server and NOT in plain text but as far as any kind of functionality on the web site it should run on the client side. Why risk having possibly buggy code running on your hardware and why for that matter, waste server side resources
Soda, first of all, I never ment for the "security" to be anything more than an application of my skills. It is not intended to keep anyone out. Second of all, to someone who is not as computer literate as yourself, the methods that I have selected would perform just fine for the purposes that I intended it.
As for you, unhappy, I know already what you said. I do, however, totally agree with you. As you will recall, however, the experiment is not a serious attempt and should not be treated as such. Thank you for you input though.
I was taking a Java course last year to fine tune my skills. Our professor decided to skip javascript because she said it wont be used as much anymore because of security issues and that a lot of people block it now.
We ended up going into JSP more, which was great for me because it helped me with my web interface for the SQL database.
IMO, Java would be more secure. If you create your classes right, you have more flexability on how objects are used and how variables are accessed. I'm not a hacker or a security specialist, but I feel better having my main class files located on my server. In my case, I used Tomcat.
Then I hope you can restrict users of your software by literacy. It only takes one threat to actualize a risk. :)Quote:
Originally posted here by Spekter1080
Second of all, to someone who is not as computer literate as yourself, the methods that I have selected would perform just fine for the purposes that I intended it.
What's better at protecting a farm, a "do not enter" sign, or a scarecrow? I could give you an answer, but I can still steal your corn.Quote:
I want to know what your opinions are on using a Java applet versus JavaScript.
I'm going to make a couple of assumptions... If they are wrong.... don't yell... just correct them....
You state that you want to create a web page. The implication of that is that you intend the page to be publicly available.Quote:
however, the experiment is not a serious attempt
You state that you want to experiment with security. The implication is that you intend and are competent in monitoring that web page and, ultimately, the server for compromise.
You stated that your security isn't intended to keep anybody out.... Not sure what to say about that other than the point above is probably not going to occur, (proper monitoring and recognition of compromise).
Now to the guts of my response.....
You don't _play_ at security on the public internet.... Your web page becomes someone else's conduit to attack me... This is the irresponsible use of the internet that allows those of malicious intent to have their way so easily... You don't appear to be competent to do this properly, so please don't do it if it is publicly available...
Understood?
I do not get the idea behind the experiment to begin with. Java and JavaScript are comparing apples and oranges.
*falls over* I sorry! *bows over and over again* geez, all I wanted was to test an applet or a script that was not connected to anything other than the web page itself. There would be no connections to a server other than hosting it....Quote:
Originally posted here by Tiger Shark
I'm going to make a couple of assumptions... If they are wrong.... don't yell... just correct them....
You state that you want to create a web page. The implication of that is that you intend the page to be publicly available.
You state that you want to experiment with security. The implication is that you intend and are competent in monitoring that web page and, ultimately, the server for compromise.
You stated that your security isn't intended to keep anybody out.... Not sure what to say about that other than the point above is probably not going to occur, (proper monitoring and recognition of compromise).
Now to the guts of my response.....
You don't _play_ at security on the public internet.... Your web page becomes someone else's conduit to attack me... This is the irresponsible use of the internet that allows those of malicious intent to have their way so easily... You don't appear to be competent to do this properly, so please don't do it if it is publicly available...
Understood?
My original idea was that if i gave a person the "password" then that person could look a photo album or something that not everyone else could see. Everything would be completely contained within the HTML pages
I am sorry if I have offended any of you for releasing my idea into the public eye...
I'm not offended. What's the old saying? You almost have to forgive ignorance?
That said, your idea and experiment itself is not bad. In fact, it's a healthy curiousity. I encourage you to experiment, however, you are missing an important point that unfortunately was smashed over your head by our good friend Tiger.
Hooking hosts up to the internet without understanding the consiquences is a pretty bad thing to do. If your experiment goes wrong, it may become other peoples' problem. Even if the experiment goes right, the host may have other weaknesses that may become the problem of others.
You can liken this to the guy who just wanted to site in his deer rifle in the backyard. He didn't mean to tear a hole in the neighbor's house, it just happened as he was experimenting with the windage knobs on the scope.
Make sense?
--TH13
PS
Java of any kind is crappy. If you are interested in mobile code, look into PERL, Python or the like.
Hi
Fist of all...you cannot get any security with javascript....it's just for managing the web pages....gettins info...but not for more....
algo from applets....those can be downloaded and decompiled ( DJ java decompiler )
I'll suguest you'll make somo dinamical page..usgin jsp for example where you can log user activitiy and at the end of the session ( before the user closes the explorer...or goes somewhere else) show him what he has done...
It'll be a god aproach to site monitoring...and also'll increase your programming skills
thehorse13, thank you for explaining this to me. from now on I will not host my files, and i will investigate jsp like some of the others have suggested.
Glad to assist. Again, don't be afraid to post here. Sometimes people, while acting in good faith, pounce a little too early.
--Th13