PDA

View Full Version : Hiding passwords from right clicking page



airborneinfantry85
08-27-2009, 05:35 PM
Hello all,

I am new to this forum so I apoligize if I am posting in an improper area.

I have added a page password protect Javascript I found on the web to a page.

The problem I am having is that if you right click the page on the website you can view source and see the passwords.

I have enclosed the script if anyone has any suggestions on how to hide them. Not to sure on this one. I see cloaking software but Im not quite sure if theres an easier way to go.

Thank you for your assistance. :)




<SCRIPT LANGUAGE="JavaScript">



<!-- Begin
function Login(){
var done=0;
var username=document.login.username.value;
username=username.toLowerCase();
var password=document.login.password.value;
password=password.toLowerCase();
if (username=="essex" && password=="lk123") { window.location="Lake_Forest_Rate_Sheet.html"; done=1; }
if (username=="essex" && password=="org123") { window.location="Orange_Rate_Sheet.html"; done=1; }
if (username=="essex" && password=="org111") { window.location="Lake_Forest_Rate_Sheet.html"; done=1; }
if (done==0) { alert("Invalid login!"); }
}
// End -->
</SCRIPT>


<p style="text-align: center"><span><center>
<form name=login>
<table width=225 border=1 cellpadding=3>
<tr><td colspan=2><center><font size="+2"><b>Log In</b></font></center></td></tr>
<tr><td>Username:</td><td><input type=text name=username></td></tr>
<tr><td>Password:</td><td><input type=text name=password></td></tr>
<tr><td colspan=2 align=center><input type=button value="Login!" onClick="Login()"></td></tr>
</table>
</form>
</center></span></p>

traq
08-27-2009, 06:38 PM
you could encode the passwords so they can't be copied as easily, and there are "no-right-click" scripts as well. But they can all be circumvented relatively easily. So, the short answer is this:
don't use javascript for security.
It is entirely client-side -which makes it useful in many situations- but completely unreliable when it comes to security. If you have a real need for password protection, you need a server-side solution, like PHP.