Book Section
-----
TY JavaScript 3rd Ed.
Teach Yourself JS 1.5
Teach Yourself DHTML
Teach Yourself JS 1.3
LLWW: JavaScript

General Section
-----
Discussion Forum
Articles / Tips
JavaScript Links
About the Author
Privacy Policy
Contact Me



Other Sites
-----
Website Workshop
JavaScript Weblog

JavaScript Workshop Forums

 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
A JavaScript PassWord test

 
Post new topic   Reply to topic    JSWorkshop Forum Index -> Articles
View previous topic :: View next topic  
Author Message
phil karras
Senior Member
Senior Member


Joined: 15 Jul 2002
Posts: 1697
Location: MD

PostPosted: Tue Jun 10, 2003 9:47 am    Post subject: A JavaScript PassWord test Reply with quote

Making a JavaScript password protection program is rather difficult. For one thing most everyone can get the html and js files that might be used. One needs to try something different. To this end I've done just that on my test web site. See if you can crack the pure JavaScript password protection by finding out what the password is.

First go to my test web site: http://cs.yrex.com/index.htm

Then, in the URL: box put: pw/PassWord
then press the GoTo button.

Now, try to figure out what the password is. When you do, it will give you a good message in an alert box. If you manage to figure it out send me the password, using my email do NOT post it here. Also, let me know how you figured it out so we can see if there's a better way to hide it from prying eyes. Wink
_________________
Phil K
Circle Software Consulting
Test website: http://cs.yrex.com/
Guidelines for Posting: http://jsworkshop.com/posting.html
IHBAAA = It Has Been Asked And Answered
KISS: http://jsworkshop.com/bb/viewtopic.php?t=508
Back to top
View user's profile Send private message Visit poster's website
OneWorld
New member
New member


Joined: 08 Jun 2003
Posts: 9

PostPosted: Tue Jun 10, 2003 10:26 am    Post subject: Reply with quote

done, check ur pm's
Back to top
View user's profile Send private message
phil karras
Senior Member
Senior Member


Joined: 15 Jul 2002
Posts: 1697
Location: MD

PostPosted: Tue Jun 10, 2003 12:14 pm    Post subject: Reply with quote

Nope, you're not done, I had a bug in the code. It's working correctly now. Try again.
_________________
Phil K
Circle Software Consulting
Test website: http://cs.yrex.com/
Guidelines for Posting: http://jsworkshop.com/posting.html
IHBAAA = It Has Been Asked And Answered
KISS: http://jsworkshop.com/bb/viewtopic.php?t=508
Back to top
View user's profile Send private message Visit poster's website
OneWorld
New member
New member


Joined: 08 Jun 2003
Posts: 9

PostPosted: Tue Jun 10, 2003 12:54 pm    Post subject: Reply with quote

hmm, i tried again, with the same password, and i got the same box saying "ok, phil you're in"...
Back to top
View user's profile Send private message
phil karras
Senior Member
Senior Member


Joined: 15 Jul 2002
Posts: 1697
Location: MD

PostPosted: Wed Jun 11, 2003 6:35 am    Post subject: Reply with quote

Probably because you forgot to do a refresh to get the newest version of the code.
_________________
Phil K
Circle Software Consulting
Test website: http://cs.yrex.com/
Guidelines for Posting: http://jsworkshop.com/posting.html
IHBAAA = It Has Been Asked And Answered
KISS: http://jsworkshop.com/bb/viewtopic.php?t=508
Back to top
View user's profile Send private message Visit poster's website
OneWorld
New member
New member


Joined: 08 Jun 2003
Posts: 9

PostPosted: Wed Jun 11, 2003 2:37 pm    Post subject: Reply with quote

i did refresh, and just now i did it again, and got the same pop up box saying the "ok phil, you're in" message...

i'll pm you the method i used to get the password so you can see whether i am missing something very obvious...
Back to top
View user's profile Send private message
phil karras
Senior Member
Senior Member


Joined: 15 Jul 2002
Posts: 1697
Location: MD

PostPosted: Thu Jun 12, 2003 6:51 am    Post subject: Reply with quote

Yes you're still not getting the corrected version. I guess that means you'll have to do a forced delete of all temp saved Internet files from your browser.

This is a real pain especially when you're trying to debug something on the web!

From my experience NS6 is worse than IE5 - 6 in this situation.

Another thing to try is a different browser.
_________________
Phil K
Circle Software Consulting
Test website: http://cs.yrex.com/
Guidelines for Posting: http://jsworkshop.com/posting.html
IHBAAA = It Has Been Asked And Answered
KISS: http://jsworkshop.com/bb/viewtopic.php?t=508
Back to top
View user's profile Send private message Visit poster's website
chris
Member
Member


Joined: 11 Jun 2003
Posts: 14
Location: UK

PostPosted: Fri Jun 13, 2003 12:05 am    Post subject: Re: A JavaScript PassWord test Reply with quote

phil karras wrote:
See if you can crack the pure JavaScript password protection by finding out what the password is.

[snip]

If you manage to figure it out send me the password, using my email do NOT post it here. Also, let me know how you figured it out so we can see if there's a better way to hide it from prying eyes. Wink


e-mailed reply off BB.
Back to top
View user's profile Send private message
phil karras
Senior Member
Senior Member


Joined: 15 Jul 2002
Posts: 1697
Location: MD

PostPosted: Fri Jun 13, 2003 9:02 am    Post subject: Reply with quote

Your email has not arrived! Try again.

Got it...

Chris,

Very good! Did you use Netscape to view the txt file? You didn't
say. My IE does not show anything when I try.

Yes the idea of using a redirecting HTM file is good, unless
someone turns off JavaScript to get the file.

Also, encoded is good but not for this test. This is NOT really a
way to make JS have secure passwords, it's an exercise to show
the problems with JS.

I've tried to keep it as simple as I can with some misdirection
to see what would happen.

The problem with a protected directory might be that even I could
not get the data from it unless I did something and then all the
client would have to do is run the program from their machine &
keep at it until they got the file. Perhaps piece by piece.

Good ideas, keep trying! I'll see what I can do to hide the txt
file as well.
_________________
Phil K
Circle Software Consulting
Test website: http://cs.yrex.com/
Guidelines for Posting: http://jsworkshop.com/posting.html
IHBAAA = It Has Been Asked And Answered
KISS: http://jsworkshop.com/bb/viewtopic.php?t=508
Back to top
View user's profile Send private message Visit poster's website
phil karras
Senior Member
Senior Member


Joined: 15 Jul 2002
Posts: 1697
Location: MD

PostPosted: Fri Jun 13, 2003 11:13 am    Post subject: Reply with quote

OK Chis and others, try again, don't forget to refresh and/or whatever you need to do in order to get the newest version.

If you get either:
NoItIsNot
or
ANewOneForYou

you still have the old version loaded.
_________________
Phil K
Circle Software Consulting
Test website: http://cs.yrex.com/
Guidelines for Posting: http://jsworkshop.com/posting.html
IHBAAA = It Has Been Asked And Answered
KISS: http://jsworkshop.com/bb/viewtopic.php?t=508
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    JSWorkshop Forum Index -> Articles All times are GMT - 7 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group
(c) 1997-2002 Starling Technologies and Michael Moncur. Portions (c) Sams Publishing.