Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 5 of 8 FirstFirst ... 34567 ... LastLast
Results 61 to 75 of 115
  1. #61
    New to the CF scene
    Join Date
    Oct 2004
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Host

    My understanding is that NTL does not support server side,so this is why the vb script looks good.

    http://www.cableforum.co.uk/board/article.php?a=5

  2. #62
    New Coder
    Join Date
    Oct 2004
    Posts
    65
    Thanks
    0
    Thanked 0 Times in 0 Posts

    weaknesses

    For me I think that the weakness of this script is being able to see what files are on the server. You see one called CodingForums.js. You open it - and you have the url of the protected web page. YOu have just circumnavigated this security system. Indeed - u can even see the url of the protected webpage: page.html - on the server. Type this into your browser and there you have the protected web content.

    So this brings me to my Q: how can you prevent someone from seeing all the filenames on your server (such that they can then type them into their browser and look at them)? IS this possible?

    To repeat for clarity:
    Even this really good script is vulnerable to persons looking at your filenames on the server.

    Is there anyway that I can prevent persons from discovering the names of all the files on my server? Best,

  3. #63
    Regular Coder
    Join Date
    Jul 2002
    Location
    Kansas, USA
    Posts
    487
    Thanks
    0
    Thanked 54 Times in 53 Posts
    rhodopsin: just make sure the directory where your .js files are stored has an index.html file.

  4. #64
    New to the CF scene
    Join Date
    Nov 2004
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Could they not bypass the protection by skipping directly to /page.htm ???

  5. #65
    Regular Coder
    Join Date
    Nov 2002
    Location
    Carmel California
    Posts
    471
    Thanks
    0
    Thanked 1 Time in 1 Post
    Another way you can do it is with .htaccess If you have that option, which many hosts do at least limited support. You can have a .htaccess file that has IndexIgnore * in it which should prevent indexing. A good resource for this: http://www.javascriptkit.com/howto/htaccess11.shtml
    Kris Hubby
    kwhubby site

  6. #66
    New to the CF scene
    Join Date
    Nov 2004
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    HI guys just found this forum tonight, searching around the internet looking for help in various aspects of my course work for uni.

    I need a secure login (using either, java / VB) and a authentication program to check members exist. This program does this very nicely.

    only one question i have just now....

    Heres my site.

    http://www10.brinkster.com/tester2003/index.html

    Now, how do i get the code to create a password and username through registering at this site?

    register.htm <--- file i want the user to register, i want to create the password and username here. in this form to create the .js File?

    And does anyone know anything regarding XML ?? im a network engineer not a programer.

  7. #67
    New to the CF scene
    Join Date
    Dec 2004
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Secure?

    How could this auth method be secure?

    1. When the auth.htm has to check if the Login+Password.js exists, the browser has to request the URL http://server/path/Login+Password.js from the web server.
    This request is transmitted plaintext, so every sniffer could read it. And even worse, the web server logs this request plaintext in his log. So the HTTP BASIC AUTH is better, because the password is not logged.

    2. How do you difference user "Neo",password "Matrix" and the user "NeoM", password "atrix" ???

    The only "secure" way (beside SSL) is, to hash the password with md5 or sha1 and to verify the hashed password on server side. And don't forget to include a salt, do make brute force attacks more difficult.

  8. #68
    Senior Coder joh6nn's Avatar
    Join Date
    Jun 2002
    Location
    72° W. 48' 57" , 41° N. 32' 04"
    Posts
    1,887
    Thanks
    0
    Thanked 1 Time in 1 Post
    Pavel, the points you bring up, while valid, have already been hashed over in the preceeding 5 pages of this thread.
    bluemood | devedge | devmo | MS Dev Library | WebMonkey | the Guide

    i am a loser geek, crazy with an evil streak,
    yes i do believe there is a violent thing inside of me.

  9. #69
    New to the CF scene
    Join Date
    Jan 2005
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    .. How would I get the protected page/pages to open in an i-frame .. is that possible?

    Thanks in advance

    **Tatty**

  10. #70
    New to the CF scene
    Join Date
    Jan 2005
    Location
    TN
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    amazing

    this is one hell of a script. very good stuff with some incredible diversity and functionality. i might have to use this one...though i dont have anything on my website that would require someone to need a user name and password...hahahaha. oh well...maybe in the future. very cool stuff though amigo

    very clever

  11. #71
    New to the CF scene
    Join Date
    Feb 2005
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Clutter

    Just like to say superb and simple script, am finding it very useful already. I have a question though and i'm afraid my JS is so bad i can't even figure this out by myself lol.

    I want to reduce clutter in my directories and want to put all the .js files in a subdirectory called ID which file would i need to amend to do this and what change would i need to make?

    Many thanks Simon

  12. #72
    New Coder
    Join Date
    Feb 2005
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Login Script

    Hey, i just threw together a simple but really secure javascript.

    Writes the usernames in a list (select tag). The usernames and passwords are stored in an Array in a javascript file witha a complex file name and some of the source code is heavily encrypted.

    Here it is:

    Click here for a live preview

    Click here to download this script.

    NOTE: Username: User01, Password: Pass01.
    Last edited by Bolter99; 02-12-2005 at 06:33 AM.

  13. #73
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    Man, the secure and javascript are two opposite words. javascript was not design as a security language, thus it will be never ever suitable for a secure pass login. As any other client-side language the codes are loaded in the user's cache where from the user can see the codes and, sooner or later, will find the algorithm to decrypt. Man, it's so simple to understand that, yet so many people try and try again and again to square the circle, on and on...
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

  14. #74
    New to the CF scene
    Join Date
    Mar 2005
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    one thing i want to know about this.
    How can i make it so anyone accessing the site doesnt know about what other pages there are. Because i obviously know the URL it redirects to, but how can i make it so that to view the page they need to login.

    That might not have been clear.

    say i have a downloads page, it has a login thing, no when i login it redirects to a page with a list of files to download, how can i make it so when it login in it has something like www.MYWEBSITE/download=<usermane> etc etc.

    I guess you know what i mean by now, hiding the page , im thinking mabye this isnt possible using HTLM/JS, does someone know anyway to do it with PHP etc. Im willing to try and learn. , as long as someone gives me a go.

    Thanks in advance,
    Ph30nIX

  15. #75
    New to the CF scene
    Join Date
    Apr 2005
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Ideas and password settings

    In auth.htm it searches *.js basically but having changed the .js to .dfsdfd it still works. if you have something like .gif it also works. Maybe this could add a little bit if security.

    Ideas/Does the script...

    ?? - Create time out cookies?

    Idea - search is conducted in a *.php file which has an include which brings in the *.password files. One more step away from detection and an extra language to go though.

    Idea - Log each access attempt, username only as not want to leave passwords about!

    idea - Change password after x amount of days?

    idea - Make a valid looking list/website so hackers think they are in when they are not


 
Page 5 of 8 FirstFirst ... 34567 ... LastLast

LinkBacks (?)

  1. 02-22-2014, 08:13 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •