Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > HTML > protection scripts

Reply
Thread Tools

protection scripts

 
 
Andrew Urquhart
Guest
Posts: n/a
 
      03-03-2004
Bernhard Sturm wrote:
> Andrew Urquhart schrieb:
>> This is a extremely popular Javascript myth, an implementation of the
>> link I posted earlier in the thread can be seen here:
>> http://pajhome.org.uk/crypt/md5/chaplogin.html

>
> but you are using JS to produce an MD5 hash key on the client side,
> and then you still use server side protection measures
> (Perl/PHP/ASP/CF), as far as I understood the original post he wanted
> to have a full JS protection (read: all client side) (this might be
> mainly because he has no direct access to the webserver, or isn't
> familiar with ASP/PHP).
> but your solution seems to rely on server side implementation as well
> (correct me if I am wrong, I just had a brief look at your code).



BTW The scripts are not mine, they're Paul Johnston's

It's reasonable to assume that the OP wanted a complete client-side
solution, but the OP didn't specify as such. The OP could have a
cllient-side solution, albeit a severly limited one, with no web server
needed to provide the random variable as in the CHAP implementation. For
example: Use the other algorithms on the site to implement a public-key
encryption system:

1. View source of a webpage you'd like to encrypt.
2. Offline encrypt the page source with the public key.
3. Write a webpage with a script block containing both the unencryption
algorithm (IIRC this may also be the same function as the encryption
algorithm). In the script block store the encrypted page from step 2 as
a variable.
4. FTP the whole thing to a web server, and let people freely view the
page.
5. People with javascript enabled who happen to know the private key for
the algorithm could enter the key into a form (say), whereupon the
unencrypted variable is unpacked into the webpage originally viewed in
step 1, the DOM of the current page could them be updated with the
unencryption result.
6. Despite sending the page over insecure means and using "insecure"
javascript the original content cannot be accessed unless the private
key is known (or you have a *very* powerful supercomputer).
7. The caveat: viewers need to know the private key independently of the
process - e.g you snail mail it to them it )

For more information on javascript encryption visit
http://pajhome.org.uk/crypt/md5/index.html, the " Users of my Script"
section is a brief but interesting read.
--
Andrew Urquhart
Reply: www.andrewu.co.uk/about/contact/


 
Reply With Quote
 
 
 
 
William Tasso
Guest
Posts: n/a
 
      03-03-2004
shane turner wrote:
> Where can I get a secure password javascript?


ASP

can't think of any others.

--
William Tasso


 
Reply With Quote
 
 
 
 
shane turner
Guest
Posts: n/a
 
      03-04-2004
"Karl Core" <(E-Mail Removed)> wrote in message news:<c24i4k$nt5$(E-Mail Removed)>...
> "shane turner" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > Where can I get a secure password javascript?

>
> You can't. Javascript authentication is not secure.


Know any more secure methods? I don't know ASP though
 
Reply With Quote
 
Mark Parnell
Guest
Posts: n/a
 
      03-04-2004
On 4 Mar 2004 02:52:59 -0800, http://www.velocityreviews.com/forums/(E-Mail Removed) (shane turner)
declared in alt.html:

> Know any more secure methods? I don't know ASP though


Has to be something server-side. ASP, PHP, Perl, even .htaccess (for
basic authentication, anyway). Take your pick.

--
Mark Parnell
http://www.clarkecomputers.com.au
 
Reply With Quote
 
shane turner
Guest
Posts: n/a
 
      03-05-2004
Mark Parnell <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>.. .
> On 4 Mar 2004 02:52:59 -0800, (E-Mail Removed) (shane turner)
> declared in alt.html:
>
> > Know any more secure methods? I don't know ASP though

>
> Has to be something server-side. ASP, PHP, Perl, even .htaccess (for
> basic authentication, anyway). Take your pick.


Got any examples of Perl login scripts?
 
Reply With Quote
 
Andy Dingley
Guest
Posts: n/a
 
      03-06-2004
On Wed, 3 Mar 2004 13:48:29 -0000, "Andrew Urquhart"
<(E-Mail Removed)> wrote:

>Security is not achieved by obscurity.


Seems like a popular technique for architecting XSLT though.

document() inside a loop ! I ask you....




--
Smert' spamionam
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Using Python Scripts with IIS - ASP or Python-based CGI scripts withIIS - which makes more sense? davidj411 Python 0 06-27-2008 04:38 PM
copy protection / IP protection g Java 69 04-25-2006 04:10 PM
Stupid question: Making scripts python-scripts Jan Danielsson Python 8 07-22-2005 12:20 AM
Re: Stupid question: Making scripts python-scripts Jp Calderone Python 0 07-21-2005 02:38 PM



Advertisments