Results 1 to 4 of 4

Thread: Encrypted Password script

  1. #1
    Join Date
    Dec 2009
    Posts
    54
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Question Encrypted Password script

    Encrypted Password script

    Script URL: http://www.dynamicdrive.com/dynamicindex9/password.htm

    This script works well but I was wondering if it is possible to protect the targeted page so it cannot be accessed via the address bar

    i.e, username: test - Password: test2 - Correct location: test2.htm

    What I would like to happen
    User puts the URL + test2.htm into address bar - User gets taken to access denied page or similar

    What actually happens
    User puts the URL + test2.htm into address bar - User gets access to that page with no login required

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    You will never have a "secure page" using javascript. you can make things more complicated, but javascript is entirely under the control of the user - it can be edited, or even just turned off. If you need to actually secure a page or directory on your site, you must use a server-side langauge (like PHP, or simply use .htpasswd).

  3. The Following User Says Thank You to traq For This Useful Post:

    moose86 (11-27-2011)

  4. #3
    Join Date
    Dec 2009
    Posts
    54
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Default

    ok, thank you

  5. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    The only "security" that Javascript allows is to make guessing a URL interactive. So you can have a "password" form that just allows users to type in a URL and they get redirected to whatever they type in. It's basically an interactive address bar. In this case, it's a little more complicated than that, but at the same time it would be possible to decrypt the password fairly easily, so it's also less secure against someone who knows what they're doing.
    Anyway, none of these really do anything to stop someone from accessing a page directly since that's what they do: they just redirect you to the "password protected" page. The security is all just based on not sharing the URL for that page directly-- once they have it, it's completely visible.

    In theory, you could use cookies to do this-- store a cookie on the password page, then only show the protected page if they have that cookie. But it's still not entirely secure and would allow them to reload the page as much as they want, given that they have logged in once.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •