noscript... security problem!

noscript... security problem!

Post by Krack-Nob on Fri Nov 12, 2010 2:26 am
([msg=48825]see noscript... security problem![/msg])

First off all, srry for my poor english and for being such a n00b :P im a learner of both, english and scripting...
Ok, so im hosting a website with a Xat.com´s chatbox on it... i know that those things are not secure chat at all cuz they can be accesed from the main Xat.com site... anyway, i need my webpage (which isnt much, jst a couple of imgs and the embed chat) to be protected against anybody that doesnt know the password for it.
I like to keep it simple because is not a big deal so i tryed a really siple javascript for the password:
Code: Select all
<!--//
var x = prompt("Password","")
if(x == "the pass"){
   alert("wellcome");}
   else{
      alert("WEB PAGE DOES NOT EXIST!");
      window.location = "http://www.google.com"}
-->//

that script goes inside the header tags, the problem is that anyone could acces that site jst by disableing the javascript. im not trying to defend this site from hackers, i just want a nice method to keep not authorized normal people out of it...
im not sure if i explained my self Image...
Krack-Nob
New User
New User
 
Posts: 6
Joined: Wed Nov 10, 2010 1:17 am
Blog: View Blog (0)


Re: noscript... security problem!

Post by Goatboy on Fri Nov 12, 2010 3:55 am
([msg=48826]see Re: noscript... security problem![/msg])

First off, your English is not that bad. What is your first language?

Anyways, the terms you are looking for here are "server-side scripting" and "client-side scripting". Client-side refers to what you are doing right now. Javascript is sent to the user, and their browser executes it. Since the code itself resides on their computer, they can do whatever they want with it. Server-side, on the other hand, refers to code that resides on your server, such as PHP or ASP. The code executes on your server, and only sends what you want it to. For example, the code could generate a random string of words, and only send that to the user. The actual code is hidden.

As a general rule, you want to use server-side for anything you want to protect. Client-side is better for error-checking (making sure a form field has the right entries), styling (animation and sound), and generating alerts.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2819
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: noscript... security problem!

Post by kujinR on Fri Nov 12, 2010 6:09 am
([msg=48827]see Re: noscript... security problem![/msg])

Krack-Nob wrote:the problem is that anyone could acces that site jst by disableing the javascript.

Not only that, People can just view the source and actually see the password. You remind me of Faith.

As Goatboy said, you're looking for server side scripting. Try PHP, you might like it. It's not at all that hard to learn it. Some good tutorials for it are found here and here.
"Better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
"red = changed"
User avatar
kujinR
Poster
Poster
 
Posts: 270
Joined: Thu Jul 29, 2010 4:39 am
Blog: View Blog (0)


Re: noscript... security problem!

Post by beluluk on Fri Nov 12, 2010 6:45 am
([msg=48828]see Re: noscript... security problem![/msg])

Sorry for bragging in out of nowhere. Related to security (which i think is still in this topic), i've been searching around for using username and password authentification like the one on phpmyadmin. Could someone enlighten me about what is that? is that apache, or HTML? i bet it's HTML, but i found no clue.

Additionally, could i please request the "Latest forum posts" on HTS homepage to have more lines? Guess that would help people to be more active on the forums.

I hope my english is not too bad.

-- Fri Nov 12, 2010 7:02 pm --

To Krack-Nob
And if i may add the answers above, If you don't want a page reload, you could use ajax which combines clientside (a.k.a javascript), serverside (PHP for example) and XML (i usually throw away this part). You could ask google about ajax and search for a lightweight ones, or just go to jquery.com and read about its ajax methods.
beluluk
New User
New User
 
Posts: 6
Joined: Wed Feb 03, 2010 11:44 am
Blog: View Blog (0)


Re: noscript... security problem!

Post by Krack-Nob on Fri Nov 12, 2010 10:37 am
([msg=48831]see Re: noscript... security problem![/msg])

kujinR wrote:Not only that, People can just view the source and actually see the password. You remind me of Faith.

As Goatboy said, you're looking for server side scripting. Try PHP, you might like it. It's not at all that hard to learn it. Some good tutorials for it are found here and here.


yeah the javascript missions were really easy :D... but you cant access the source code with out the password cuz im using the prompt tag that opens at pageload... I was thinkin to send the user to another site like google if they enter a wrong password or if they dont have javascript enabled but I cant figuere out how to do the last? do i really have to go with the PHP codes??...

beluluk: phpMyAdmin is written in PHP intended to handle the administration of MySQL. Explains it right here :D...

Goatboy: my first lenguage is spnish.
Krack-Nob
New User
New User
 
Posts: 6
Joined: Wed Nov 10, 2010 1:17 am
Blog: View Blog (0)


Re: noscript... security problem!

Post by tremor77 on Fri Nov 12, 2010 11:20 am
([msg=48832]see Re: noscript... security problem![/msg])

There are a few ways you could use javascript purely in a "semi"-effective way to password protect your pages...

1 way would be to use the password=pagename method where the password is actually the pagename... for example the page is "mysecretprotectedpage.html" and the password is "mysecretprotectedpage" - the script looks at what is input as the password.. tacks on the .html and attempts to load that page... this is not the best method in the world considering your page might get indexed by a search engine at some point though...

another way would be to encrypt your password... as I did on this pure Javascript mission that I wrote http://mvel.org/TreMission1/ - afaik only one person has beaten it so far... I basically used an existing cut and paste javascript password script that is available here: http://www.javascriptkit.com/epassword/index.htm

depending on your web host you would be better of using php or asp though.. or even .htaccess - as ultimately, any hacker worth 2 cents can break most anything that's purely javascript.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 870
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: noscript... security problem!

Post by Krack-Nob on Fri Nov 12, 2010 9:44 pm
([msg=48846]see Re: noscript... security problem![/msg])

ok that would do... tnx
Krack-Nob
New User
New User
 
Posts: 6
Joined: Wed Nov 10, 2010 1:17 am
Blog: View Blog (0)


Re: noscript... security problem!

Post by beluluk on Mon Nov 15, 2010 6:23 am
([msg=48904]see Re: noscript... security problem![/msg])

i've seen the script. In my opinion, cracking it would be more of decrypting than of javascript trick.

-- Mon Nov 15, 2010 6:24 pm --

I guess, i need to add: Nice script... :D I don't think any 2 cents hacker you mentioned above could hack it easily... I think i will take up the chalenge. So that i could raise my price up to 3 cents :D
beluluk
New User
New User
 
Posts: 6
Joined: Wed Feb 03, 2010 11:44 am
Blog: View Blog (0)


Re: noscript... security problem!

Post by tremor77 on Mon Nov 15, 2010 8:26 am
([msg=48906]see Re: noscript... security problem![/msg])

beluluk wrote:i've seen the script. In my opinion, cracking it would be more of decrypting than of javascript trick.

-- Mon Nov 15, 2010 6:24 pm --

I guess, i need to add: Nice script... :D I don't think any 2 cents hacker you mentioned above could hack it easily... I think i will take up the chalenge. So that i could raise my price up to 3 cents :D


Ya it is more of a decrypt challenge once you get past the couple idiot tests in place.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 870
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: noscript... security problem!

Post by Defective Flamesuit on Sun Nov 21, 2010 12:17 pm
([msg=49190]see Re: noscript... security problem![/msg])

May I recommend .htaccesss instead of PHP or JavaScript? Google ".htaccess"; it seems perfect for what you want to do and simpler than writing an encryption / decryption script as others have mentioned. Of course, using PHP is also pretty easy here, but if you have never used PHP before you might find using a .htaccess file easier.
sandbox wrote:Using RetardFish, I have determined it is retardese for "thanks". It translates literally to "I enjoy phalluses in naughty areas".
Defective Flamesuit
New User
New User
 
Posts: 32
Joined: Fri Sep 17, 2010 10:31 pm
Blog: View Blog (0)



Return to Web Design

Who is online

Users browsing this forum: No registered users and 0 guests