| Author |
Message |
Abnoba12
Junior WebHelper
Joined: 03 Feb 2005
Posts: 3
|
 Posted:
Thu Feb 03, 2005 10:00 pm (19 years, 2 months ago) |
  |
I'm looking too put a password on my website. I want the whole site blocked from unwanted visitors. I know just enough about web development to get myself into trouble. I made a JavaScript password program, but the source (and all passwords) can been seen if you go to view source and it only protects the home page. The site can still be accessed from going too another page on my site. Could someone point me in the right direction? I can do the research and make a program once I know what language to learn.
O I also run the server my site is on, so if this can be done with apache or any other program that would be nice to know. |
|
|
    |
|
Abnoba12
Junior WebHelper
Joined: 03 Feb 2005
Posts: 3
|
| Posted:
Thu Feb 03, 2005 10:45 pm (19 years, 2 months ago) |
|
I did some looking and I found a nice Tut on using the .htaccess with apache.  |
|
|
|
|
fgidigi
Junior WebHelper
Joined: 07 Sep 2003
Posts: 16
|
| Posted:
Wed Sep 07, 2005 5:16 pm (18 years, 7 months ago) |
|
I have a very simple html solution,
it all can be done using javascript and 3 files, the startpage, the error page and the correct page.
email me, then Ill send you the zipfile with the entire construction. Cos to post this all here, is gonna be to complicated, lots of words and stuff... that may not work.
- also, this one cant be seen using source code...
_______________
bye - figidigi
figidigi@chello.nl |
|
|
|
|
adam
Forum Moderator & Developer
Joined: 26 Jul 2002
Posts: 704
Location: UK
|
| Posted:
Wed Sep 07, 2005 9:42 pm (18 years, 7 months ago) |
|
I'm quite honestly mystified as to how you can create a secure password system with JavaScript - as far as I'm aware JavaScript doesn't have any kind of hashing functions (though I could be wrong), so how are the passwords hidden from prying eyes? Even storing password hashes in the source wouldn't be secure, in my opinion, since having the hash of the password would make it a lot easier to crack. If you've found a way of doing it that is actually secure, please share it. I can't imagine actually using it, but I am genuinely curious. |
________________________________
It's turtles all the way down... |
|
 |
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
| Posted:
Thu Sep 08, 2005 7:44 am (18 years, 7 months ago) |
|
I've seen Javascript systems where the password protected file's name is the password, therefore you can't access the file unless you know the password. Obviously this isn't a perfect solution, since the URL then shows up in their browser's history. |
________________________________
 |
|
|
|
fgidigi
Junior WebHelper
Joined: 07 Sep 2003
Posts: 16
|
| Posted:
Thu Sep 08, 2005 7:48 am (18 years, 7 months ago) |
|
Hi adam,
_____________________
well first of all, i am absolutely not mister know-it-all. So maybe i'm wrong with this. Secondly I think I am thourough, when it comes to testing, but there are guys that do this a lot better, so I think it is a very tough one to crack, but hey, maybe i'm off base...
anyway, before i give the code, would you test it for me??? would you crack my code?
I u want,...go to a testpage:
the url is: http://www.showerzone.nl/test/password
<> crack the 10 letter/cypher combination/password.
<> tell me the phrase that I've written behind the password and I believe you are right.
I wish u the best of luck, and am curious bout the outcome...
bye,
__________________
Jerome |
|
|
|
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
| Posted:
Thu Sep 08, 2005 8:03 am (18 years, 7 months ago) |
|
Your password is showerzone333, right? |
________________________________
|
|
|
|
fgidigi
Junior WebHelper
Joined: 07 Sep 2003
Posts: 16
|
| Posted:
Thu Sep 08, 2005 8:16 am (18 years, 7 months ago) |
|
damnnnnnnnnn YOU ARE GOOD !!!!!
How did you do that?? I am baffled over here, lol 
Pretty amazing! |
|
|
|
|
fgidigi
Junior WebHelper
Joined: 07 Sep 2003
Posts: 16
|
| Posted:
Thu Sep 08, 2005 8:18 am (18 years, 7 months ago) |
|
and that in less then 13 minutes - pffffffff ....
I think I will blow up that server, so that nobody can get in... ha ha |
|
|
|
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
| Posted:
Thu Sep 08, 2005 8:20 am (18 years, 7 months ago) |
|
|
|
|
fgidigi
Junior WebHelper
Joined: 07 Sep 2003
Posts: 16
|
| Posted:
Thu Sep 08, 2005 8:37 am (18 years, 7 months ago) |
|
to be honest, I first tried to use a frame and then anti-rightclick all pages and put the javascript in the bottompage,
So i tried this; target=_self
cos u gotta let js know that it has to not go to a blank page but to the same frame. But I failed, I do not really know how to write javascript properly. coding [except css/html] is not my strongest side... 
I think if I knew a way, how to target the page in javascript, using frames [you can even make the frame real small like 1 px, so its there but u wont see it...]
then this whole view page thing with the antirightclick will be more difficult to get in.
- well I think js then is more for standard internet-users, cos if u r original like you guys, it seems pretty easy to get in -
but still, I take a deep bow *applause applause* 
_________
Jerome |
|
|
|
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
| Posted:
Thu Sep 08, 2005 8:47 am (18 years, 7 months ago) |
|
As long as your password is in the file's source, none of these tricks will be foolproof - they'll just deter part of the people trying to access your site. The same thing goes for anti right click scripts - they only work until you turn off Javascript . |
________________________________
|
|
|
|
|
|
