Solved

Password Dialog

Posted on 1997-11-16
5
282 Views
Last Modified: 2012-06-27
I would like to display a password dialog, similar to the one displayed when you log onto Experts Exchange.  Can this be done in JavaScript.
0
Comment
Question by:dl090597
5 Comments
 
LVL 5

Accepted Solution

by:
Christian_Wenz earned 50 total points
ID: 1274136
the one at Experts Exchange works with something called ".htaccess". A JavaScript dialog is easy to implement, but not very hack-proof.
Ask you ISP if he supports .htaccess, and if he does, I'll give you instructions how to implement this. If not, I'll give you a JS script - but again, that's not hack-proof.
0
 
LVL 6

Expert Comment

by:tecbuilder
ID: 1274137
The reason that a JavaScript password dialog is not hack proof is that the password has to be hard coded into your HTML file or a JavaScript file.  Hence, if someone wanted to see if the password dialog was generated from JavaScript code, all they would have to do is look at the page's source code.  Inside it they can find the code that generated the password dialog box.  Where ever the code is that generated the password dialog box, so to is the password.

The trick is hoping that they don't check your page's source code.  You can do some things that would make it rather painful to check your code, like putting all the code that generated your page on 1 line, putting in bogus scripts that don't do anything except make your code more difficult to read, etc.  However the person can save your page to their hard drive and load it in an editor where they can add paragraph marks to make it more readable.  Hence finding your password.
0
 
LVL 6

Expert Comment

by:Holger101497
ID: 1274138
There have been half a dozen discussions about this and what you can do to "hide" the password!!!! Maybe it's best to invest some points into the PAQs....

One simple yet effective technique is to "garble" the word that is entered in some way (s.th. very simple) and then set document.location=garbledword+'.html';
As long as you have an "index" or "default" file that keeps people from looking at your directory, that makes it extremely hard to find the next page without knowing a valid password and you can't find the password in the code either.
Even more effective is passing the password to a CGI-script that checks it and (maybe) generates a page. Of course most people don't have access to CGI, but I think that even less people can use .htaccess.

.htaccess is definitely the most effective way, but if you can't use it, there are several ways to make it work ok in JavaScript...
0
 
LVL 84

Expert Comment

by:ozo
ID: 1274139
Another way to increase the hack resistance of Christian_Wenz's script,
(unless it already does this, I haven't seen it yet)
may be not to hard code the password into the script, and instead
send a different hash of it on every invocation.  This would require
a CGI on the otherside to generate a different JavaScript each time,
And you still need a good hash and a secure way of seeding it.

0
 
LVL 5

Expert Comment

by:Christian_Wenz
ID: 1274140
I was assuming that dl has no CGI access; but Holger's right, there are really some questions of the same type.
BTW, hi ozo, nice to read you again! :-)
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Article by: DanRollins
This article describes a JavaScript program that creates a maze made of hexagonal cells.  In Part 2 (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_7850-Hex-Maze-Part-2.html), we'll extend the program by adding a depth-…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now