Java authentication security!
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Java authentication security!

  1. #1
    Senior Member
    Join Date
    Apr 2003
    Posts
    109

    Java authentication security!

    Hi, lately its seams that im posting here very offen!


    This time is, on this code:

    <script>
    document.write(unescape("<SCRIPT LANGUAGE="JavaScript">
    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="test" && password=="test") { window.open('http://www...., 'test', 'console=0,menubar=0,toolbar=0,location=0,directories=0,status=0,scrollbars=0,width=630,height=650'); done=1; }
    if (done==0) { window.open('http://www....', 'test', 'console=0,menubar=0,toolbar=0,location=0,directories=0,status=0,scrollbars=0,width=630,height=650'); }
    }
    </SCRIPT>


    <center>
    <form name=login>
    <table width=225 border=0 cellpadding=0>
    <tr><td>Username:</td><td><input type=text name=username></td></tr>
    <tr><td>Password:</td><td><input type=text name=password></td></tr>
    <tr><td colspan=3 align=center><input type=button value="Teste" onClick="Login()"></td></tr>
    </table>
    </form>
    </center>


    In the Login Password, i whant the pass to appear like ******* when the user types its password, instead of the "password" it self.

    I dont whant a new code, just...modify this one to do that, but maitaining the same functions of it at the same time.

    Can that be done?


    Thanx
    Owmen

  2. #2
    Senior Member
    Join Date
    Apr 2003
    Posts
    109

    Java authentication security!

    Hi, lately its seams that im posting here very offen!


    This time is, on this code:

    <script>
    document.write(unescape("<SCRIPT LANGUAGE="JavaScript">
    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="test" && password=="test") { window.open('http://www...., 'test', 'console=0,menubar=0,toolbar=0,location=0,directories=0,status=0,scrollbars=0,width=630,height=650'); done=1; }
    if (done==0) { window.open('http://www....', 'test', 'console=0,menubar=0,toolbar=0,location=0,directories=0,status=0,scrollbars=0,width=630,height=650'); }
    }
    </SCRIPT>


    <center>
    <form name=login>
    <table width=225 border=0 cellpadding=0>
    <tr><td>Username:</td><td><input type=text name=username></td></tr>
    <tr><td>Password:</td><td><input type=text name=password></td></tr>
    <tr><td colspan=3 align=center><input type=button value="Teste" onClick="Login()"></td></tr>
    </table>
    </form>
    </center>


    In the Login Password, i whant the pass to appear like ******* when the user types its password, instead of the "password" it self.

    I dont whant a new code, just...modify this one to do that, but maitaining the same functions of it at the same time.

    Can that be done?


    Thanx
    Owmen

  3. #3
    AntiOnline n00b
    Join Date
    Feb 2004
    Posts
    666
    hi


    here.

    that was simple .
    input type=password
    Code:
    <script>
    document.write(unescape("<SCRIPT LANGUAGE="JavaScript">
    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="test" && password=="test") { window.open('http://www...., 'test', 'console=0,menubar=0,toolbar=0,location=0,director
    ies=0,status=0,scrollbars=0,width=630,height=650')
    ; done=1; }
    if (done==0) { window.open('http://www....', 'test', 'console=0,menubar=0,toolbar=0,location=0,director
    ies=0,status=0,scrollbars=0,width=630,height=650')
    ; }
    }
    </SCRIPT>
    
    
    <center>
    <form name=login>
    <table width=225 border=0 cellpadding=0>
    <tr><td>Username:</td><td><input type=text name=username></td></tr>
    <tr><td>Password:</td><td><input type=password name=password></td></tr>
    <tr><td colspan=3 align=center><input type=button value="Teste" onClick="Login()"></td></tr>
    </table>
    </form>
    </center>

  4. #4
    AntiOnline n00b
    Join Date
    Feb 2004
    Posts
    666
    hi


    here.

    that was simple .
    input type=password
    Code:
    <script>
    document.write(unescape("<SCRIPT LANGUAGE="JavaScript">
    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="test" && password=="test") { window.open('http://www...., 'test', 'console=0,menubar=0,toolbar=0,location=0,director
    ies=0,status=0,scrollbars=0,width=630,height=650')
    ; done=1; }
    if (done==0) { window.open('http://www....', 'test', 'console=0,menubar=0,toolbar=0,location=0,director
    ies=0,status=0,scrollbars=0,width=630,height=650')
    ; }
    }
    </SCRIPT>
    
    
    <center>
    <form name=login>
    <table width=225 border=0 cellpadding=0>
    <tr><td>Username:</td><td><input type=text name=username></td></tr>
    <tr><td>Password:</td><td><input type=password name=password></td></tr>
    <tr><td colspan=3 align=center><input type=button value="Teste" onClick="Login()"></td></tr>
    </table>
    </form>
    </center>

  5. #5
    Senior Member
    Join Date
    Apr 2003
    Posts
    109
    Thanx alot []īs
    Owmen

  6. #6
    Senior Member
    Join Date
    Apr 2003
    Posts
    109
    Thanx alot []īs
    Owmen

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    Not to nitpick, but that is Javascript...not Java...
    I\'m back.

  8. #8
    fyi...

    Anyone can view your source and your password and the page it leads to with javascript. Highly insecure, security by obscurity if you ask me. But it does repel the dummys.

  9. #9
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    Soda_Popinsky is absolutly right. If I were at your website, and provided I know a little javascript, all I would have to do is view the source and...what do ya know.... Now I know what the valid username and password is!

    Username: test
    Password: test

    I suppose you could take care of right clicking and sometimes putting the website in frames will take care of the "view" +"view source" in IE, but there are ways around that.
    I am the uber duck!!1
    Proxy Tools

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    Well, the most effective way is to do absolutely no checks at all, and derive a URL from the input, and add .HTML to the end. And load that. If the wrong password is put in, they get a 404. There is no way for them to know the correct page if it is random. Who would visit "ttseestt.html" or something? That is just taking the username "Test", reversing it, and adding the password "test" into it character by character, 1:1.

    Example:
    Username: Bob
    Password: Doe
    URL: ddoobe.html

    Anyways, that would be my solution to this problem. Of course the moment anyone knows the secret page, they could book mark it, or add it to their web page's links, and Google would index it and Cache it, and the protection would have been useless if I could google it...

    Well, hope it works out. There are many ways to make it a pain, even with client-side code. And as it currently is, I would have no problem breaking it, although a properly implemented one-way encryption algorithm could make it a pain in the butt.

    -Tim_axe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •