I need a scheme to give people password access to JavaScript quizzes that
I have.
I've done a lot of programming but almost no JS.
Probably one password per person for each of five tests.
I suspect I will be maintaining the lists but if there is a *very* easy
routine that an end user could use it would be nice.
It usually takes more than five visits to get this guy up on anything new.
Any ideas where I might find such a beast?
I've been looking but with little luck so far. 10 2659
In article <d6***********************@bgtnsc05-news.ops.worldnet.att.net>,
"Mike Painter" <md*********@att.net> writes: I need a scheme to give people password access to JavaScript quizzes that I have. I've done a lot of programming but almost no JS.
Use a server side language (PHP, ASP, Server Side Javascript, etc.) Anything
you try to do in the browser, with regards to multiple users/passwords, will
fail.
Although Jim Ley showed me a page that is "password protected" that is pretty
spiffy. I have yet to break it. But, it doesn't contain the password in the
page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite easily.
--
Randy
"HikksNotAtHome" <hi************@aol.com> wrote in message
news:20***************************@mb-m10.aol.com... In article <d6***********************@bgtnsc05-news.ops.worldnet.att.net>, "Mike Painter" <md*********@att.net> writes:
I need a scheme to give people password access to JavaScript quizzes
thatI have. I've done a lot of programming but almost no JS. Use a server side language (PHP, ASP, Server Side Javascript, etc.)
Anything you try to do in the browser, with regards to multiple users/passwords,
will fail.
Although Jim Ley showed me a page that is "password protected" that is
pretty spiffy. I have yet to break it. But, it doesn't contain the password in
the page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite
easily.
Granted if the person is willing to work at it and has the skills and the
password is in the page and they can see the page and the encryption is
simple enough they can break it.
For that type I would probably use the simplest method I've seen and use the
name of the file as the password. Assuming they can't see what's on the
server that's about as secure as you can get.
99.999% of the people who will be taking these quizzes would be better off
studying or looking the answers up in the book.
Hi,
Mike Painter wrote: "HikksNotAtHome" <hi************@aol.com> wrote in message news:20***************************@mb-m10.aol.com...
In article <d6***********************@bgtnsc05-news.ops.worldnet.att.net>, "Mike Painter" <md*********@att.net> writes:
I need a scheme to give people password access to JavaScript quizzes that I have. I've done a lot of programming but almost no JS.
Use a server side language (PHP, ASP, Server Side Javascript, etc.)
Anything
you try to do in the browser, with regards to multiple users/passwords,
will
fail.
Although Jim Ley showed me a page that is "password protected" that is
pretty
spiffy. I have yet to break it. But, it doesn't contain the password in
the
page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite
easily.
Granted if the person is willing to work at it and has the skills and the password is in the page and they can see the page and the encryption is simple enough they can break it.
For that type I would probably use the simplest method I've seen and use the name of the file as the password. Assuming they can't see what's on the server that's about as secure as you can get.
99.999% of the people who will be taking these quizzes would be better off studying or looking the answers up in the book.
Then don't password protect them. If you do, you insult the intelligence
of those who are able to find the password. Just let them be responsible
for their own failure if they choose to look for the answers in the
page. It's not your problem anymore.
Anything you do on the client (even your file name = password trick) can
be easily defeated.
Laurent
--
Laurent Bugnion, GalaSoft
Webdesign, Java, javascript : http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch
Laurent Bugnion, GalaSoft wrote: Hi,
Mike Painter wrote:
"HikksNotAtHome" <hi************@aol.com> wrote in message news:20***************************@mb-m10.aol.com...
In article <d6***********************@bgtnsc05-news.ops.worldnet.att.net>, "Mike Painter" <md*********@att.net> writes:
I need a scheme to give people password access to JavaScript quizzes
that
I have. I've done a lot of programming but almost no JS.
Use a server side language (PHP, ASP, Server Side Javascript, etc.)
Anything
you try to do in the browser, with regards to multiple users/passwords,
will
fail.
Although Jim Ley showed me a page that is "password protected" that is
pretty
spiffy. I have yet to break it. But, it doesn't contain the password in
the
page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite
easily.
Granted if the person is willing to work at it and has the skills and the password is in the page and they can see the page and the encryption is simple enough they can break it.
For that type I would probably use the simplest method I've seen and use the name of the file as the password. Assuming they can't see what's on the server that's about as secure as you can get.
99.999% of the people who will be taking these quizzes would be better off studying or looking the answers up in the book.
Then don't password protect them. If you do, you insult the intelligence of those who are able to find the password. Just let them be responsible for their own failure if they choose to look for the answers in the page. It's not your problem anymore.
Anything you do on the client (even your file name = password trick) can be easily defeated.
Laurent
Actually, you can use javascript to securely password protect a page.
But the effort to maintain such a page is excessive.
In article <ix*****************@bignews6.bellsouth.net>, Jerry Park
<No*****@No.Spam> writes: Actually, you can use javascript to securely password protect a page. But the effort to maintain such a page is excessive.
And have the password in the page? Or are you referring to something like Jim
gave me? I can't find the link but the password was the key to the crypto. If
the password is in the page, its trivial to defeat it though.
--
Randy
"HikksNotAtHome" <hi************@aol.com> wrote in message
news:20***************************@mb-m14.aol.com... In article <ix*****************@bignews6.bellsouth.net>, Jerry Park <No*****@No.Spam> writes:
Actually, you can use javascript to securely password protect a page. But the effort to maintain such a page is excessive. And have the password in the page? Or are you referring to something like
Jim gave me? I can't find the link but the password was the key to the crypto.
If the password is in the page, its trivial to defeat it though. -- Randy
Assume these lines are in the body of the text:
***********
It may seem easy for some to find a password. However for most people the
job can be very difficult. At some point the user will give up before
finding it.
This especially true if the pages include files that don't appear on the
page.
***********
What is the password? (And it's not password?)
"Laurent Bugnion, GalaSoft" <galasoft-LB@bluewin_NO_SPAM.ch> wrote in
message news:bk**********@rex.ip-plus.net... Hi, <snip> Anything you do on the client (even your file name = password trick) can be easily defeated.
How can it be easily defeated?
In article <Qd***********************@bgtnsc04-news.ops.worldnet.att.net>,
"Mike Painter" <md*********@att.net> writes: Assume these lines are in the body of the text: *********** It may seem easy for some to find a password. However for most people the job can be very difficult. At some point the user will give up before finding it. This especially true if the pages include files that don't appear on the page. *********** What is the password? (And it's not password?)
OK, let me clarify what I said, so we aren't splitting words. If the password
is in the code, and defined as the password, then its trivial to defeat.
Meaning, you can obfuscate it, but if its defined in the code as being the
password, so that script can compare what the user inputs to it, then its
trivial to defeat.
Can you make it hard enough that most people will give up? Sure. Can you make
it impossible? Not if the password is defined in the code as being the password
(The crypto page doesn't have it defined in the page, its used as the key to
the crypto).
If you want a secure system, do it on the server. And not even that is entirely
"secure" but it beats the heck out of javascript security.
--
Randy
Hi,
Mike Painter wrote: "Laurent Bugnion, GalaSoft" <galasoft-LB@bluewin_NO_SPAM.ch> wrote in message news:bk**********@rex.ip-plus.net...
Hi, <snip> Anything you do on the client (even your file name = password trick) can be easily defeated.
How can it be easily defeated?
Some browsers allow seeing everything on your server. It's then pretty
easy to find all the files it contains, and to load them.
If you have access to the server, it's very easy to set up password
protected directories for your users, and this way is much safer than
anything you can do on the client. Check htaccess in Google for details.
Of course, any security scheme can be defetaed eventually, but at least
you won't look like a fool for doing it on the client ;-)
Laurent
--
Laurent Bugnion, GalaSoft
Webdesign, Java, javascript : http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch
"Laurent Bugnion, GalaSoft" <galasoft-LB@bluewin_NO_SPAM.ch> wrote in
message news:3f********@news.bluewin.ch... Hi,
Mike Painter wrote: "Laurent Bugnion, GalaSoft" <galasoft-LB@bluewin_NO_SPAM.ch> wrote in message news:bk**********@rex.ip-plus.net...
Hi, <snip> Anything you do on the client (even your file name = password trick) can be easily defeated.
How can it be easily defeated?
Some browsers allow seeing everything on your server. It's then pretty easy to find all the files it contains, and to load them.
No, some servers allow seeing everything. The browser can't over ride that. If you have access to the server, it's very easy to set up password protected directories for your users, and this way is much safer than anything you can do on the client. Check htaccess in Google for details. Of course, any security scheme can be defetaed eventually, but at least you won't look like a fool for doing it on the client ;-)
True enough but it does not solve the problem of multiple users with
passwords gaining access to those protected directories.
..htaccess works fine if I want *a* password.
My original post asked for references to a solution which might be JS, not
a rehash of things that don't meet the criteria.
The MS Access groups offer solutions, so far I've seen nothing here but
people saying how easy it is to break code and figure things out.
But when I ask how, they all fall silent. I'll look elsewhere. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Lou |
last post by:
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will
redirect the specific user to a specific directory.
At the moment I have set up...
|
by: juglesh |
last post by:
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input...
|
by: Max |
last post by:
Hello all,
I am trying to protect a page within my site with a JS password
scheme.
Now I know JS can be quite easily "circumvented", but I came by a code
below.
My question is:
1. Is there...
|
by: Eagle35 |
last post by:
any one now any good java/Html for password pages so i can protect some
pages??
Thanks
|
by: Borked Pseudo Mailed |
last post by:
Seeking feedback on Password Protection via Java/JavaScript ONLY (no cgi):
SEE:
http://online_tools.home.att.net/tools.html
*AND*
http://online_tools.home.att.net/extraCode.htm
Thanks.
|
by: Frank L |
last post by:
I have some accounting and tax receipting type applications, developed
for charitable and non profit groups, that are exhibiting strange
behaviour on a few of the 30 or 40 user machines.
When...
|
by: Miro |
last post by:
Why Password protect an MDB when someone can google and get a hack?
Wondering if anyone else has thought of this and just said "oh well"...
I plan to password protect an MDB where I have some...
|
by: btopenworld |
last post by:
Hi
I have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page
requiring protection: uses session - works fine
B) On...
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help...
|
by: Greg (codepug |
last post by:
If one converts that .mdb into an .mde the code is secure but the
tables can still be imported.
Just for Very Basic protection, I have placed a Password on the
database using the "Set Database...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |