Menu
Hello, I am trying to set up user authentication and password protected pages on my site but im not sure if it’s working… the user login part works and it takes each one to the correct page, but why are these pages accessible if i enter them directly in my browser? Is there a way to prompt someone for a password before they can view the page if they try to go straight to the page instead of logging in???
Javascript cannot be used as a password protect, because it is client side, and anyone with the slightest bit of programming knowledge could see the passwords. It has to be client-side.[/QUOTE]
... but why are these pages accessible if i enter them directly in my browser? ...[/QUOTE]This will always be the case unless you use a server side solution.
This will always be the case unless you use a server side solution.[/QUOTE]
funny how you revel in the fact that you (or someone) ported sha1 encryption to javascript, but you havent answered the question at hand. where is the version of that script you posted[/QUOTE]
and once that webpage is gotten to, cypher or not, it isnt secure.[/QUOTE]
the means of accessing [the page] through your script is [secure], but thats as far as it goes[/QUOTE]
anyone can still bring up that page with the URL if the cypher was broken[/QUOTE]Well obviously. But, of course, the cipher [i]isn't[/i] broken. Will you be the one to break it? Give it a try.
if youre passing the page back as innerHTML, thats nothing more than a mask.[/QUOTE]
the webpage is still unsecure UNLESS you have a server side resource sitting there checking sessions. all youve done is built a mansion on top of lava. it looks nice, but the underlying problem remains.[/QUOTE]
and if you have to build the webpage into the cypher, thats more trouble than its worth.[/QUOTE]
if you have to build the webpage into the cypher, thats more trouble than its worth.[/quote]
This is the only thing you said that [is definitly] right. But it's really up to each person to decide.[/quote]
what i said, and will say more succinctly here is that[I] if [/I]you were using the script to grab information from a another webpage ... the script would then ultimately be fallable.[/QUOTE]
but i guess thats what you have to do when a guy isnt trying to help, but rather trying to get people to look when he pulls down his pants[/QUOTE]
...thank god someone developed sha1 and provided the concept behind it so that ports could be made, huh?[/QUOTE]
also, lets show just how efficient your script is. view the source of this webpage. copy everything. throw it into your encryption...[/quote]Well dang, I guess you proved me wrong where I said it was super fast. Oh, wait... [u][i][b]I never said that![/b][/i][/u] :rolleyes:
Well, since the script doesn't do that, it kinda doesn't matter, does it?[/quote]
Then you came back with some jabber about it not being secure, which is wrong[/quote]
Well dang, I guess you proved me wrong where I said it was super fast. Oh, wait... [u][i][b]I never said that![/b][/i][/u] [/quote]
Seriously, dude, you seem to have developed a grudge in just a few seconds. This page—filled with our discussions, nested tables, and a long strip of advertisements—is a hefty page. I doubt the OP's page is anywhere near as big as this one.[/quote]
The OP wanted a secure JS password protection, and now he has one.[/quote]
Javascript cannot be used as a password protect, because it is client side, and anyone with the slightest bit of programming knowledge could see the passwords. It has to be client-side.[/QUOTE]
and if you have to build the webpage into the cypher, thats more trouble than its worth.[/quote]
because you didnt provide anything but epenis script, i was wrong due to your lack of given information. i had to speculate based on what little info i had[/quote]You're right that you didn't have the second link. I hadn't realized the first attached I linked to didn't have the tools to make a new protected page. I had to search through old posts even to find the one I did. But still, if you didn't have the information to know how it works, then you could have [i]asked[/i] for it rather than ranting out of ignorance. It was your blatantly incorrect conclusion—that the script wasn't secure—that prompted me to challenge you to break it. I figured if you were so confident to proclaim it not secure, then you ought to be able to back up your words.
my point here isnt that your script isnt fast, but that it wouldnt be worth the effort.[/quote]I got that point. And I responded to that point. Twice. Again, it's up to each person to decide if it's worth the effort.
You're right that you didn't have the second link. I hadn't realized the first attached I linked to didn't have the tools to make a new protected page.[/quote]
But still, if you didn't have the information to know how it works, then you could have [i]asked[/i] for it rather than ranting out of ignorance. [/quote]
i have seen your other threads. you are (and were) trying to bait people into breaking SHA1's encryption.[/quote]Bait people? Dude, this isn't complicated: When someone makes a baseless claim (like you did), I ask that they back up the claim. I don't think that's unreasonable.
youre telling me that you can port SHA1 to javascript, but you cant post the solution to a persons problem on the first try based on your own threads which you knew existed (of which you knew where they were and if not how to find them)?[/quote]The more helpful attachment is 3 1/2 years old. So yeah, I didn't know about it. It really is that simple. No conspiracy.
your deliberate act of posting the solution would have been done in one post considering how smart (you want people to think) you are.[/quote]Right... because it's not at all possible that it was just a mistake. :rolleyes:
0.1.9 — BETA 5.17