-
May 19th, 2004, 10:18 AM
#11
HI
Thats why i generally try to create my Pages Dyanmicly By Running the Script at the
Server . and Of Cours3 it is absolutly absurd Doing a Passward Check at the client side,
They should bwe done at the Server side. What you can do is post This Authontican Data
and Validate it at the server then let the the user Go forward.. You can make your Scrupts
run on server by using this clause<SCRIPT LANGUAGE="VbScript" Runnat= Server>
it's been long time since i worked with ASP and Scripts. You can create the whole page at
server and display it dynamecally if you want to hide all your code it's something like this
<SCRIPT LANGUAGE="VbScript" Runnat= Server>
responce.write "<html>"
responce.write "<Body>"
responce.write "Hello World, You can't see the Code of this page ha ha ah i am 1337"
responce.write "</body>"
responce.write "</html>"
</Script>
--Good Luck--
-
May 19th, 2004, 10:31 PM
#12
Tim_axe , the problem with just looking for the url that you go to after the username and password has been validated is that if you didn't log in, you might not meet the cookie qualifications. But that's if they use cookies, so if that's the case then the username and password in the source code would be a better route.
SwordFish, VbScript is different then javascript, I don't know VbScript
-
May 20th, 2004, 03:39 AM
#13
True, but from what I've seen, having the server accept / reject cookies usually means that there is some server-side security involved, a little bit like what SwordFish mentioned. In that case, the form would need an action/target URL to submit the data to the server so the server stuff can get done and either show your "error" or "secret info"...
But for a fully client-side approach, it isn't too bad. It just has all of the flaws of client-side security if a bad person is determined enough.
BTW, I saw this site come across the front page recently - it has different implementations of client-side security. A fun "war game" that really only really needs your browser, and a some thought power. You should be able to make it up to level 8 pretty easily, but from there it shifts a bit and gets progressively harder to do with only a web browser... Maybe you can get ideas for client-side security from it - http://scifi.pages.at/hackits/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|