Two Password Problems

Noel S Pamfree

Problem 1
=======

I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur at
writing JavaScript).

It works fine in my tests when using Firefox but when I load the page in
Internet Explorer it causes an error. (I am using the newest version 7 - the
one that keeps crashing!). Somehow when you click on the button to ask for
access to the page it doesn't prompt you for the password and a message
about not trusting scripts appears (but you can't get to it to say yes).

My test page is at www.uk.f2s.com/testhtm.htm and the password is "test".

The Java script I inserted is:

<script>
//We will first ask the user if s/he would like to continue into this
restricted area
var p=confirm("This page is for Governors only and it password protected, do
you still wish to enter?")
if(p){


var ans="test"


var pass=prompt("Pl ease enter the password")


if(pass!==ans)
{


alert("Sorry that's wrong - you will now be returned to our home page!")
window.location ="http://www.st-louismiddle.suf folk.sch.uk"


}else{window.lo cation="http://www.uk.f2s.com" }


}else{alert("Yo u will be returned to our home page")
window.location ="http://www.st-louismiddle.suf folk.sch.uk"}
</script>

Problem 2
=======

I want asterisks to appear when the password is entered and not have the
characters appear on the screen but I don't know how to do it in JavaScript.
If anyone knows of a webpage that will help I would be very grateful.

Any help appreciated.

Noel

Nov 20 '06 #1

Subscribe Reply

2713

web.dev

Noel S Pamfree wrote:

Problem 1
=======

I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur at
writing JavaScript).

If you want security, then your friend is going about it the wrong way.
This method is easy to circumvent. For example, I can either turn
javascript off, or look at the source code to get the password.

Problem 2
=======

I want asterisks to appear when the password is entered and not have the
characters appear on the screen but I don't know how to do it in JavaScript.
If anyone knows of a webpage that will help I would be very grateful.

Don't use prompts to ask for a password. Use forms instead. There is
a password type input control which does this for you:

<input type = "password">

Handle your authentication server-side.

Nov 20 '06 #2

David Dorward

Noel S Pamfree wrote:

I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur
at writing JavaScript).

The client is the wrong place to try to put security.

<script>

Invalid HTML.

var ans="test"


var pass=prompt("Pl ease enter the password")

if(pass!==ans)

So "If user types in something other than the password they can see by using
View Source in their browser."...

alert("Sorry that's wrong - you will now be returned to our home page!")

Punish them for their slight typo by sending them back to the start.

}else{window.lo cation="http://www.uk.f2s.com" }

Otherwise send them to the secret URL they can find out by viewing source.

}else{alert("Yo u will be returned to our home page")

Otherwise? The script can never get here.

Any help appreciated.

Find out what facilities your webserver has for password protection. It
likely has some facility for HTTP Basic Authentication built it, and may
have server side scripting facilities with which you can do fancier login
systems.

If it doesn't have such functionality - find better hosting, or give up on
the idea of security.

--
David Dorward <http://blog.dorward.me .uk/ <http://dorward.me.uk/>
Home is where the ~/.bashrc is

Nov 20 '06 #3

Bart Van der Donck

Noel S Pamfree wrote:

Problem 1
=======

I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur at
writing JavaScript).

It works fine in my tests when using Firefox but when I load the page in
Internet Explorer it causes an error. (I am using the newest version 7 - the
one that keeps crashing!). Somehow when you click on the button to ask for
access to the page it doesn't prompt you for the password and a message
about not trusting scripts appears (but you can't get to it to say yes).

My test page is at www.uk.f2s.com/testhtm.htm and the password is "test".

The Java script I inserted is:

<script>
//We will first ask the user if s/he would like to continue into this
restricted area
var p=confirm("This page is for Governors only and it password protected, do
you still wish to enter?")
if(p){


var ans="test"


var pass=prompt("Pl ease enter the password")


if(pass!==ans)
{


alert("Sorry that's wrong - you will now be returned to our home page!")
window.location ="http://www.st-louismiddle.suf folk.sch.uk"


}else{window.lo cation="http://www.uk.f2s.com" }


}else{alert("Yo u will be returned to our home page")
window.location ="http://www.st-louismiddle.suf folk.sch.uk"}
</script>

Problem 2
=======

I want asterisks to appear when the password is entered and not have the
characters appear on the screen but I don't know how to do it in JavaScript.
If anyone knows of a webpage that will help I would be very grateful.

I believe the following solves both of your problems:

<form onSubmit="retur n false;" name="f">
<input type="password" name="pw">
<input type="button" value="LOGIN"
onClick="window .location.href = document.f.pw.v alue + '.htm'">
</form>

If your password were G5yH2iKJ, then the protected page should be named
G5yH2iKJ.htm.

Directory browsing is turned off at uk.f2s.com, which is a Conditio
Sine Qua Non before using this kind of authentication.

Suppose that the user enters a bad password, he will get a
page-not-found error (404). I see two possible solutions:

(1) Use .htaccess directive: Create a file named .htaccess, put
"ErrorDocum ent 404 /errors/404.html" in it (one line) and upload it to
the directory that points to www.uk.f2s.com. If there is already a
..htaccess file, just add "ErrorDocum ent 404 /errors/404.html" as a new
line at the bottom of it. /errors/404.html thus becomes the location to
catch page-not-found errors, like www.uk.f2s.com/notexist.htm.

(2) Before invoking the window.location .href command, send a
XMLHttpRequest to fetch the HTTP status code. This way one could
perform the location change (URL exists) or show an error to the user
(bad password, URL doesn't exist). Search for "Does a url exist?" on
http://www.jibbering.com/2002/4/httprequest.html for the recommended
way to perform such a check.

Hope this helps,

--
Bart

Nov 22 '06 #4

Similar topics

3302

MySql 4.1.1 Password problem - client can't connect

by: Marc | last post by:

Hello, Newbie here..... Searching and working this for a week now. We too are having the same problems. Using MySql 4.0.14 and there are "no problems" at all.

PHP

6061

Minimum & Maximum for username/password

by: Lobang Trader | last post by:

Hi all, I am trying to create a username and a password class. I would like to know what are the RECOMMENDED minimum and maximum length for both fields? These fields will be something like this: private static final int DEFAULT_MINIMUM_LENGTH = ??????

Java

5658

mysql password() & unix crypt password...

by: aars | last post by:

Hello all, I am creating a user administration system where system administrator can activate services for a user, like webspace, a mail account or a subdomain. I now want to create a function that creates mysql databases and grant the right privileges to a user. But the problem is that mysql wants to have the plaintext password for the user in the "grant ... identified by 'pwd'" field, or in a manual query to update the password in...

MySQL Database

1818

how to store the password in the ENCRYPT form using castor jdo

by: Senthil Kannan | last post by:

Hi all, Currently i have a FORM_BASED Authentication of tomcat5.0 to store and retrieve passwords in my homepage.Now when i try to Store my password in a encrypted form i am having some problems,i am listing the problems here.do help me to fix this. when a new user signup to my homepage his datas are to be stored in database.while storing this i need to store the password in encrypted manner,when i insert it manually in comman line it...

MySQL Database

4299

I just ran /usr/bin/mysql_install_db and it told me to set a password for the MySQL root USER. I cannot.

by: MLH | last post by:

I'm supposed to set a password for the MySQL root user. The output of mysql_install_db instructed me to run the following commands... /usr/bin/mysqladmin -u root -h appserver password mynwewpasswd I did. It did not work. Here's the error: /usr/bin/mysqladmin: connect to server at 'appserver' failed error: 'Host 'appserver.crci.com' is not allowed to connect to this MySQL server' Another command I'm supposed to run also resulted in an...

MySQL Database

5868

SP3a and strong password problem

by: John Morgan | last post by:

I urgently need tom use SP3a upgrade the instance of SQLServer200 MSDE runing on my local machine but I am having problems in doing so. My first problem is that when I start the set up procedure I get the message "A strong SA password is required for security reasons. Please use SAPWD switch to supply the same" Currently the sa password is Abc/def/ghk1

Microsoft SQL Server

6223

Changing lost SA password

by: patrickshroads | last post by:

I just started a new job and no one seems to know the SA password. Here's my plan to change it: 1. I've run a trace for a couple of days to verify that there are no jobs or processes that are connecting as SA and that would break if I changed the password. 2. Before the changing the password I am going to bulk copy out the sysxlogins row for SA so that if things go wrong I can reinset the old data with the old unknown password (will...

Microsoft SQL Server

1215

Problems with random password generation

by: Adam Carpenter | last post by:

Hello, I am having some problems with these functions which are to be part of the forgotten password system for a website. I am sure it is something simple but I can't see it. I would be grateful for any help anyone could offer. The plan is: The users forgets their password so they enter their email address together with responses to some security questions (currently just zip/postcode). A random password is generated and, providing...

Visual Basic .NET

6867

changing the ASPNET password

by: =?Utf-8?B?c3RhZ2VybGVp?= | last post by:

We would like to change the password for the ASPNET account on our W2k3 servers running IIS 6.0 and .NET 1.1. Will we run into problems? Is there a way to determine the current password, in case we want to roll it back? thanks

ASP.NET

8182

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8688

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8635

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8352

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8494

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7178

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6115

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5570

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4085

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration