View Full Version : How do you do this?

07-05-2005, 07:52 AM

My question is:

DD has a couple of password scripts. The problems with them is that the name of the page is the password. If someone is watching you wile you browse, all they have to do is look at the <url>, and they will know your password. Is there a way to input password/username, but be directed to a page like your_page.htm?

From your_page.htm, you could view how many people have entered your site, and see there adresses. You could view how many people might have ordered a product, or downloaded a program/file...

Have any ideas on how to change the page it sends you to?

07-05-2005, 08:22 AM
This is the problem with client-side password scripts.
The only secure way to do it is to have the password as the file name. However, if you're just worried about having people see your password, try converting the page name to hexadecimal first. This will stop people peeking over your shoulder (unless they have photographic memory :p)

07-05-2005, 08:43 AM
Hence you should try using .htaccess for password protection, such as by using this tool: http://tools.dynamicdrive.com/password/ :)

07-05-2005, 09:57 AM
oh, so that isn't just gibberish, it's hex? but will the computer know if i tell it to go to my password.html(in hex)?

07-05-2005, 10:45 AM
Yes, it sees the hex characters as being exactly the same thing as the normal characters in a URI.
%73%65%63%72%65%74%70%61%67%65%2e%68%74%6d is exactly the same as secretpage.htm
Try it in Google:

An ASCII chart: http://i-technica.com/whitestuff/urlencodechart.html

07-05-2005, 11:08 AM
If I understand what you are doing here, it wouldn't be that hard to view the source and then run the string through a hex to ascii converter. If I've misunderstood, never mind.

07-05-2005, 11:23 AM
No, you've misunderstood.
He was worried that, if you had a script where the name of the page to go to was the password, someone could just look over the user's shoulder and see their address bar, and thus gain the password. I was suggesting that is the author of the script converts the password to hex characters before redirecting the browser. Hex is a lot harder to remember.

07-05-2005, 12:14 PM
Thank you alot! It works perfectly fine!!

07-05-2005, 12:38 PM
Got it, good idea.

07-05-2005, 12:40 PM
This is the problem with client-side password scripts.

Is there any other kind of password script?

07-05-2005, 01:28 PM
Yes, ideally you should use a script written in a server-side language such as PHP, ASP or JSP. You could also (as suggested by ddadmin, above) edit your .htaccess file to protect the file(s).

07-26-2005, 01:20 AM
Hi there, I tried the .hataccess file and directed it to my .htpasswd file, but I am running into a problem. I used the the main screen thing, and tied it into my site file and well, it protects the site, but the password and username I put in doesn't work. What is the problem? Does any one know?

07-26-2005, 12:37 PM
The "main screen thing?"
Perhaps you should post your .htaccess and .htpasswd here. Remember to replace usernames and passwords with example ones.

08-09-2005, 01:01 PM

pls. help me.. i habe a big problem on playing the music that i have put in my website, it is in wav format, when i-try to play it.. it downloads very slow and when it play it plays and stop and play and stop... i try to browse in other sites that offers music to be played on a media player or in their own website.. it has no problem..

pls. help me..

08-12-2005, 09:31 AM
what does this have to do with passwords? or .htaccess?

08-12-2005, 09:45 AM
Don't ask me.
Don_Nizz, you should post a new thread.

09-06-2005, 03:33 AM
Thanks. I talked to my server people, and there systems are messed up and all. So thanks anyways.