Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: How do you do this?

  1. #1
    Join Date
    Jul 2005
    Location
    Kuwait-I'm American
    Posts
    127
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question How do you do this?

    Hi,

    My question is:

    DD has a couple of password scripts. The problems with them is that the name of the page is the password. If someone is watching you wile you browse, all they have to do is look at the <url>, and they will know your password. Is there a way to input password/username, but be directed to a page like your_page.htm?

    From your_page.htm, you could view how many people have entered your site, and see there adresses. You could view how many people might have ordered a product, or downloaded a program/file...

    Have any ideas on how to change the page it sends you to?
    //\\ //\\// || //\\//\\ //\\ ||_
    SOFTWARE

  2. #2
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    This is the problem with client-side password scripts.
    The only secure way to do it is to have the password as the file name. However, if you're just worried about having people see your password, try converting the page name to hexadecimal first. This will stop people peeking over your shoulder (unless they have photographic memory )
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  3. #3
    Join Date
    Aug 2004
    Posts
    10,143
    Thanks
    3
    Thanked 1,008 Times in 993 Posts
    Blog Entries
    16

    Default

    Hence you should try using .htaccess for password protection, such as by using this tool: http://tools.dynamicdrive.com/password/

  4. #4
    Join Date
    Jul 2005
    Location
    Kuwait-I'm American
    Posts
    127
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    oh, so that isn't just gibberish, it's hex? but will the computer know if i tell it to go to my password.html(in hex)?
    //\\ //\\// || //\\//\\ //\\ ||_
    SOFTWARE

  5. #5
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    Yes, it sees the hex characters as being exactly the same thing as the normal characters in a URI.
    %73%65%63%72%65%74%70%61%67%65%2e%68%74%6d is exactly the same as secretpage.htm
    Try it in Google:
    http://www.google.com/search?q=%73%6...65%2e%68%74%6d

    An ASCII chart: http://i-technica.com/whitestuff/urlencodechart.html
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  6. #6
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    If I understand what you are doing here, it wouldn't be that hard to view the source and then run the string through a hex to ascii converter. If I've misunderstood, never mind.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  7. #7
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    No, you've misunderstood.
    He was worried that, if you had a script where the name of the page to go to was the password, someone could just look over the user's shoulder and see their address bar, and thus gain the password. I was suggesting that is the author of the script converts the password to hex characters before redirecting the browser. Hex is a lot harder to remember.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  8. #8
    Join Date
    Jul 2005
    Location
    Kuwait-I'm American
    Posts
    127
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thank you alot! It works perfectly fine!!
    //\\ //\\// || //\\//\\ //\\ ||_
    SOFTWARE

  9. #9
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Got it, good idea.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  10. #10
    Join Date
    Jul 2005
    Location
    Kuwait-I'm American
    Posts
    127
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by Twey
    This is the problem with client-side password scripts.
    Is there any other kind of password script?
    //\\ //\\// || //\\//\\ //\\ ||_
    SOFTWARE

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •