Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: Java authentication security!

  1. May 19th, 2004, 10:18 AM #11
    SwordFish_13
    SwordFish_13 is offline
    AntiOnline n00b
    Join Date
    Feb 2004
    Posts
    666
    HI

    Thats why i generally try to create my Pages Dyanmicly By Running the Script at the
    Server . and Of Cours3 it is absolutly absurd Doing a Passward Check at the client side,
    They should bwe done at the Server side. What you can do is post This Authontican Data
    and Validate it at the server then let the the user Go forward.. You can make your Scrupts
    run on server by using this clause<SCRIPT LANGUAGE="VbScript" Runnat= Server>
    it's been long time since i worked with ASP and Scripts. You can create the whole page at
    server and display it dynamecally if you want to hide all your code it's something like this

    <SCRIPT LANGUAGE="VbScript" Runnat= Server>
    responce.write "<html>"
    responce.write "<Body>"

    responce.write "Hello World, You can't see the Code of this page ha ha ah i am 1337"


    responce.write "</body>"
    responce.write "</html>"
    </Script>




    --Good Luck--
    Reply With Quote Reply With Quote
  2. May 19th, 2004, 10:31 PM #12
    The Duck
    The Duck is offline
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    Tim_axe , the problem with just looking for the url that you go to after the username and password has been validated is that if you didn't log in, you might not meet the cookie qualifications. But that's if they use cookies, so if that's the case then the username and password in the source code would be a better route.

    SwordFish, VbScript is different then javascript, I don't know VbScript
    I am the uber duck!!1
    Proxy Tools
    Reply With Quote Reply With Quote
  3. May 20th, 2004, 03:39 AM #13
    Tim_axe
    Tim_axe is offline
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    True, but from what I've seen, having the server accept / reject cookies usually means that there is some server-side security involved, a little bit like what SwordFish mentioned. In that case, the form would need an action/target URL to submit the data to the server so the server stuff can get done and either show your "error" or "secret info"...

    But for a fully client-side approach, it isn't too bad. It just has all of the flaws of client-side security if a bad person is determined enough.

    BTW, I saw this site come across the front page recently - it has different implementations of client-side security. A fun "war game" that really only really needs your browser, and a some thought power. You should be able to make it up to level 8 pretty easily, but from there it shifts a bit and gets progressively harder to do with only a web browser... Maybe you can get ideas for client-side security from it - http://scifi.pages.at/hackits/

    Timaxe.com -- Sports Photography

    Are You A Teen Interested in Linux? Checkout http://www.linuxteens.com
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules