Printable View
How secure is the following password code ? Can any one disabling the javascript access the page ?
<HEAD>
<SCRIPT language="JavaScript">
<!--hide
var password;
var pass1="cool";
password=prompt('Please enter your password to view this page!',' ');
if (password==pass1)
alert('Password Correct! Click OK to enter!');
else
{
window.location="http://www.yahoo.com";
}
//-->
</SCRIPT>
</HEAD>
Thanks
Dr_Evil
It's NOT secure. Anyone can read it. Heck even some of those hackers challenger sites have something like this in one of the first levels.
Try using server side scripting (asp, php). That will help protect the script from being read. Clientside scripting is not secure and shouldn't be used for protection. Only use clientside scripting to spice up your site.
What would you recommend ? I am only allowed to use javascript on my site.
Dr_Evil
Get a provider that does allow you to use serverside scripting.Quote:
Originally posted here by Dr_Evil
What would you recommend ? I am only allowed to use javascript on my site.
Here's a good script and you can use it on those free web sites..
<form action="http://pub8.bravenet.com/passwd/show.php" method="post"
style="margin: 0px;">
<div
style="padding: 3px; background-color: rgb(219,224,245); font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 12px; line-height: normal; font-stretch: normal; font-size-adjust: none; color: black;">Enter
Password Protected Area</div>
<div
style="margin: 10px 10px 4px; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 11px; line-height: normal; font-stretch: normal; font-size-adjust: none; color: black; text-align: right;">
User Name: <input type="text" name="******" size="15"
maxlength="254"
style="border: 1px solid rgb(204,204,204); width: 115px;">
Password: <input type="password" " size="15"
maxlength="254"
style="border: 1px solid rgb(204,204,204); width: 115px;"> <input
type="hidden" style="border: 0px solid black; height: 0px; width: 0px;"
name="usernum" value="615408226"><input
style="border: 0px solid black; height: 0px; width: 0px;" type="hidden"
name="cpv" value="2"></div>
<div style="margin: 0px 4px 4px 0px; float: right;"><input
type="submit" name="submit" value="Login" style="width: 50px;"></div>
</form>
</div>
</div>
Cheers
Creative
Great form creative, but it's just a form nothing more.
The actual password checking is done with a php script.
So the password checking is done using serverside scripting.
Hey dice, i was simply using it as a sample.
I know that when you put it into your HTML. That it won't work.
It's still under construction.
I'm currently getting it ready to be usable, but that won't be for a couple of days, as i've got a ton of reading to catch up on..
Anyhow there are heaps of Source codes that you can get, that WILL work on any-site really.
As long as you can enter the HTML then nothing's really stopping you i guess.
Cheers
Kris..
You're right about the number of scripts that are available. All the good ones use serverside scripting though. It seems like Dr_Evil is only allowed to use clientside scripting. Clientside scripts are not secure enough to (password) protect a section of the site.
So his best bet would be to change to a provider that will allow him serverside scripting like php or asp. Once that's done he should have no problems using your script (if done correctly) :D
Hey Guys
Does anyone know a free web provider that allows the usage of serverside scripting like php or asp.
Dr_Evil
Dr_Evil - With the code you put up their a person simply needs to right click and view source (simplist way). However like reiterated before in this thread. If you can use PHP or ASP or some serverside code you will be able to better protect a page.
Here is some better hosting -
Free Web Hosting
Here is some free webhosting also previously posted in Anti - Web Hosting Thread
If you go into the Web Dev forum you will find more resources regaurding free or almost free hosting.
Adiz
adiz,
I need free web space with serverside scripting php or asp ? I have already searched AO and most of links are old. Have you used one ?
Dr_Evil
Their another thread on that where I suggest a JavaScript name GateKeeper. The password is the name of the webpage so it's paintfull to crack.
Good Luck
I may be painfull to crack if you don't know what the next page is called. But what happens if they email the url pointing to your "secret" page? Right, no passwords asked it just shows your "secret" page. So basicly it's crap (as others noted in the same thread) and I would steer clear from this kind of "protection".
I SUGGEST YOU GO TO WWW.BLACKCODE.COM IT HAS HELLEPED ME ALOT. IT MAY BE JUST WHAT YOU ARE LOOKING FOR. IF NOT I AM STILL LOOKING.:)
If you can only use client-side scripting, try this script. its not safe, but its safer than the one you use now...
if you type "mypassword" into your input-box the script will redirect you to the page mypassword.htm.Code:<script language="javascript">
function open_page() {
var password;
password=this.document.yourform.yourinputbox.value;
loc=password + '.htm'
location.href=loc;
}
</script>
form name="yourform">
<input type="password" name="yourinputbox">
[img]image.jpg[/img]
</form>
You have to know the name of the page to get access to it. I would name it something like 23jkli11.htm.
This script doesnt work well with directory browsing allowed =).
its unsafe, its not something I recommend using for any sensitive information but hey, its better than nothing (almost).