4WebHelp
 FAQ  •  Search  •  User Groups  •  Forum Admins  •  Smilies List  •  Statistics  •  Rules   •  Login   •  Register
Toggle Navigation Menu

 Passwording my Website
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic
Author Message
Abnoba12
Junior WebHelper
Junior WebHelper


Joined: 03 Feb 2005
Posts: 3

PostPosted: Thu Feb 03, 2005 10:00 pm (12 years, 9 months ago) Reply with QuoteBack to Top

I'm looking too put a password on my website. I want the whole site blocked from unwanted visitors. I know just enough about web development to get myself into trouble. I made a JavaScript password program, but the source (and all passwords) can been seen if you go to view source and it only protects the home page. The site can still be accessed from going too another page on my site. Could someone point me in the right direction? I can do the research and make a program once I know what language to learn.

O I also run the server my site is on, so if this can be done with apache or any other program that would be nice to know.
OfflineView User's ProfileFind all posts by Abnoba12Send Personal Message
Abnoba12
Junior WebHelper
Junior WebHelper


Joined: 03 Feb 2005
Posts: 3

PostPosted: Thu Feb 03, 2005 10:45 pm (12 years, 9 months ago) Reply with QuoteBack to Top

I did some looking and I found a nice Tut on using the .htaccess with apache. Smile
OfflineView User's ProfileFind all posts by Abnoba12Send Personal Message
fgidigi
Junior WebHelper
Junior WebHelper


Joined: 07 Sep 2003
Posts: 16

PostPosted: Wed Sep 07, 2005 5:16 pm (12 years, 2 months ago) Reply with QuoteBack to Top

I have a very simple html solution,
it all can be done using javascript and 3 files, the startpage, the error page and the correct page.
email me, then Ill send you the zipfile with the entire construction. Cos to post this all here, is gonna be to complicated, lots of words and stuff... that may not work.
- also, this one cant be seen using source code...
_______________
bye - figidigi

figidigi@chello.nl
OfflineView User's ProfileFind all posts by fgidigiSend Personal Message
adam
Forum Moderator & Developer



Joined: 26 Jul 2002
Posts: 704
Location: UK

PostPosted: Wed Sep 07, 2005 9:42 pm (12 years, 2 months ago) Reply with QuoteBack to Top

I'm quite honestly mystified as to how you can create a secure password system with JavaScript - as far as I'm aware JavaScript doesn't have any kind of hashing functions (though I could be wrong), so how are the passwords hidden from prying eyes? Even storing password hashes in the source wouldn't be secure, in my opinion, since having the hash of the password would make it a lot easier to crack. If you've found a way of doing it that is actually secure, please share it. I can't imagine actually using it, but I am genuinely curious.

________________________________
It's turtles all the way down...
OfflineView User's ProfileFind all posts by adamSend Personal MessageVisit Poster's Website
Daniel
Team Member



Joined: 06 Jan 2002
Posts: 2564

PostPosted: Thu Sep 08, 2005 7:44 am (12 years, 2 months ago) Reply with QuoteBack to Top

I've seen Javascript systems where the password protected file's name is the password, therefore you can't access the file unless you know the password. Obviously this isn't a perfect solution, since the URL then shows up in their browser's history.

________________________________
Image
OfflineView User's ProfileFind all posts by DanielSend Personal Message
fgidigi
Junior WebHelper
Junior WebHelper


Joined: 07 Sep 2003
Posts: 16

PostPosted: Thu Sep 08, 2005 7:48 am (12 years, 2 months ago) Reply with QuoteBack to Top

Hi adam,
_____________________
well first of all, i am absolutely not mister know-it-all. So maybe i'm wrong with this. Secondly I think I am thourough, when it comes to testing, but there are guys that do this a lot better, so I think it is a very tough one to crack, but hey, maybe i'm off base...

anyway, before i give the code, would you test it for me??? would you crack my code?

I u want,...go to a testpage:
the url is: http://www.showerzone.nl/test/password

<> crack the 10 letter/cypher combination/password.

<> tell me the phrase that I've written behind the password and I believe you are right.

I wish u the best of luck, and am curious bout the outcome...

bye,
__________________
Jerome
OfflineView User's ProfileFind all posts by fgidigiSend Personal Message
Daniel
Team Member



Joined: 06 Jan 2002
Posts: 2564

PostPosted: Thu Sep 08, 2005 8:03 am (12 years, 2 months ago) Reply with QuoteBack to Top

Your password is showerzone333, right?

________________________________
Image
OfflineView User's ProfileFind all posts by DanielSend Personal Message
fgidigi
Junior WebHelper
Junior WebHelper


Joined: 07 Sep 2003
Posts: 16

PostPosted: Thu Sep 08, 2005 8:16 am (12 years, 2 months ago) Reply with QuoteBack to Top

damnnnnnnnnn YOU ARE GOOD !!!!!
How did you do that?? I am baffled over here, lol Laughing

Pretty amazing!
OfflineView User's ProfileFind all posts by fgidigiSend Personal Message
fgidigi
Junior WebHelper
Junior WebHelper


Joined: 07 Sep 2003
Posts: 16

PostPosted: Thu Sep 08, 2005 8:18 am (12 years, 2 months ago) Reply with QuoteBack to Top

and that in less then 13 minutes - pffffffff ....
I think I will blow up that server, so that nobody can get in... ha ha
OfflineView User's ProfileFind all posts by fgidigiSend Personal Message
Daniel
Team Member



Joined: 06 Jan 2002
Posts: 2564

PostPosted: Thu Sep 08, 2005 8:20 am (12 years, 2 months ago) Reply with QuoteBack to Top

Just disable Javascript, and view the source of http://www.showerzone.nl/test/password. Your password is right there.

________________________________
Image
OfflineView User's ProfileFind all posts by DanielSend Personal Message
fgidigi
Junior WebHelper
Junior WebHelper


Joined: 07 Sep 2003
Posts: 16

PostPosted: Thu Sep 08, 2005 8:37 am (12 years, 2 months ago) Reply with QuoteBack to Top

to be honest, I first tried to use a frame and then anti-rightclick all pages and put the javascript in the bottompage,
So i tried this; target=_self

cos u gotta let js know that it has to not go to a blank page but to the same frame. But I failed, I do not really know how to write javascript properly. coding [except css/html] is not my strongest side... Sad

I think if I knew a way, how to target the page in javascript, using frames [you can even make the frame real small like 1 px, so its there but u wont see it...]
then this whole view page thing with the antirightclick will be more difficult to get in.

- well I think js then is more for standard internet-users, cos if u r original like you guys, it seems pretty easy to get in -

but still, I take a deep bow *applause applause* Wink

_________
Jerome
OfflineView User's ProfileFind all posts by fgidigiSend Personal Message
Daniel
Team Member



Joined: 06 Jan 2002
Posts: 2564

PostPosted: Thu Sep 08, 2005 8:47 am (12 years, 2 months ago) Reply with QuoteBack to Top

As long as your password is in the file's source, none of these tricks will be foolproof - they'll just deter part of the people trying to access your site. The same thing goes for anti right click scripts - they only work until you turn off Javascript Wink.

________________________________
Image
OfflineView User's ProfileFind all posts by DanielSend Personal Message
Display posts from previous:      
Post New TopicReply to Topic
View Previous Topic Print this topic View Next Topic


 Jump to:   




You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot edit your posts in this forum.
You cannot delete your posts in this forum.
You cannot vote in polls in this forum.


Page generation time: 0.063776 seconds :: 17 queries executed :: All Times are GMT
Powered by phpBB 2.0 © 2001, 2002 phpBB Group :: Based on an FI Theme