Willing to "Borrow"

I don't want to learn Java, but... I'd like to build an AWT-based applet
that takes text input from a user-supplied box (text box) and, if the text
matches my secret phrase, pass the user into my web site. (I know this
isn't perfect security, but it's fine by me.)

Does anyone know where I can get some Java source that is close to
functionality? I'd rather borrow this sample source than read a "Teach
Yourself Java in 21 Days" book...

Thanks!
-- Dave
Jul 17 '05 #1
On 18 Aug 2003 00:15:00 -0700, ev**********@yahoo.com.hk (KC Wong)
two-finger typed:
I don't want to learn Java, but... I'd like to build an AWT-based applet
that takes text input from a user-supplied box (text box) and, if the text
matches my secret phrase, pass the user into my web site. (I know this
isn't perfect security, but it's fine by me.)
Where do you intend to store your "secret phrase"?


He could use (part of) the secret phrase as part of the path in his hidden
website.

E.g.: Applet asks for passphrase, first eight alphanumeric characters are
used to go to http://server.com/user/[eightcharacters]/index.html

That way, different passphrases can also go to different sites, and the
site can be bookmarked, so you only need to give out the passphrase once to
each new user.

If you notice from weblogs (or through a stats service) that more people
are accessing the site than should, you change the passphrase, rename the
directory and re-issue passphrases.

Java applets are first downloaded to the client's machine, then
executed using the Java VM there. So if you store your "secret phrase"
inside your applet, it will be easily decompiled and the "secret
phrase" will no longer be a secret.
Through the following construct it would become 'brute force' to retrieve
the actual password:

The password is XORed over a 64 byte random key repeatedly with a single or
double byte checksum of the original key as the 65th (and 66th) byte.
These bytes can be stored in hex in a textfile together with the URL, which
has been encrypted with that key (another XOR, perhaps?) and portrayed in
hex as well.

I would suggest a minimum of 6 characters for the password.

The CRC checksum can be used to see if the entered password gives a
possible key, with which the path can be deciphered.

Advantages:
1) only encrypted/cryptic information is passed through the IP connection or
is readable directly from the web.
2) only the methods, not any actual password/code information, is programmed
in the Applet.
3) you could create a multi-user list of user-id+password with the same key
encrypted by different passwords, but leading to the same path.
4) if the crc is only one byte, and an incorrect, but CRC valid passcode
has been found, the path would be decoded wrong and still not gain you
access to the site.

Thus in this case, using Java Applet is no more secure than using
JavaScript.
Although the code==pathbit would even work with javascript.

You'll need some kind of server-side programming for this. Does your
host support ASP/JSP/PHP/Perl/Something similar?
You would still have to send the password across a possibly insecure
TCP/IP connection, although if that were a problem, then having a website
on a secret path wouldn't be safe either.

KC.


Cheers.
Jul 17 '05 #2
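
The key-wrapping construct described in reply #2, written out as an added example that is not part of the original posts. The fixed 64-byte key, the CRC-8 polynomial (0x07), the password, the guess pattern and all function names are constructed assumptions; JavaScript is used because the reply notes the idea works there as well.

```javascript
// Added example (not from the thread). Key, CRC-8 choice and names are constructed.
const KEY_LEN = 64;
// Fixed stand-in for the 64-byte random key so the run is repeatable.
const KEY = Uint8Array.from({ length: KEY_LEN }, (_, i) => (i * 73 + 41) & 0xff);

const utf8 = (s) => new TextEncoder().encode(s);
const xorRepeat = (data, pad) => data.map((b, i) => b ^ pad[i % pad.length]);
const toHex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (h) => Uint8Array.from(h.match(/../g), (x) => parseInt(x, 16));

// One-byte CRC (polynomial 0x07) standing in for the post's "checksum".
function crc8(u8) {
  let c = 0;
  for (const b of u8) {
    c ^= b;
    for (let i = 0; i < 8; i++) c = ((c << 1) ^ (c & 0x80 ? 0x07 : 0)) & 0xff;
  }
  return c;
}

// Publisher: build the two hex strings that go into the public text file.
function publish(password, url) {
  if (password.length < 6) throw new Error('password shorter than 6 characters');
  const wrapped = xorRepeat(KEY, utf8(password));
  return {
    keyHex: toHex(wrapped) + toHex([crc8(KEY)]), // 64 wrapped bytes + CRC as 65th
    urlHex: toHex(xorRepeat(utf8(url), KEY)),
  };
}

// Client: unwrap the key with the typed password; null if the CRC byte disagrees.
function unlock(record, password) {
  const blob = fromHex(record.keyHex);
  const key = xorRepeat(blob.subarray(0, KEY_LEN), utf8(password));
  if (crc8(key) !== blob[KEY_LEN]) return null;
  return new TextDecoder().decode(xorRepeat(fromHex(record.urlHex), key));
}

// Wrong guesses that still pass the one-byte CRC, with what they decode to.
function crcCollisions(record, n) {
  const out = [];
  for (let i = 0; i < n; i++) {
    const guess = 'guess' + String(i).padStart(4, '0');
    const decoded = unlock(record, guess);
    if (decoded !== null) out.push({ guess, decoded });
  }
  return out;
}
```

Any guess that `crcCollisions` reports passed the checksum but decodes to a different string than the real URL, which is the behaviour point 4 of the reply describes.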
