-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
In practice you can't. While you could create a suitable
encryption system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the current one is definitely flawed.
===
Postings such as this are automatically sent once a day. Their
goal is to answer repeated questions, and to offer the content to
the community for continuous evaluation/improvement. The complete
comp.lang.javas cript FAQ is at http://jibbering.com/faq/index.html.
The FAQ workers are a group of volunteers. 8  1988 
In comp.lang.javas cript message <45************ ***********@new s.sunsite.
dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dot internet.be>
posted:
>-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
In practice you can't. While you could create a suitable
encryption system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the current one is definitely flawed.
Since some authors do not have access to server-side coding. it's not
completely helpful to put "it's always simpler to do it server-side".
The Topic is ambiguous. I think the intention may be
"How can I prevent access to a web page by using javascript?"
--
(c) John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v6.05 MIME.
Web <URL:http://www.merlyn.demo n.co.uk/- FAQish topics, acronyms, & links.
Plaintext, quoting : see <URL:http://www.usenet.org. uk/ukpost.html>
Do not Mail News to me. Before a reply, quote with ">" or "" (SoRFC1036)
Dr J R Stockton said the following on 2/11/2007 4:59 PM:
In comp.lang.javas cript message <45************ ***********@new s.sunsite.
dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dot internet.be>
posted:
>-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
In practice you can't. While you could create a suitable
encryption system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the current one is definitely flawed.
Since some authors do not have access to server-side coding. it's not
completely helpful to put "it's always simpler to do it server-side".
It's still more helpful than giving them a bogus answer and anything
security related in javascript is bogus.
The Topic is ambiguous. I think the intention may be
"How can I prevent access to a web page by using javascript?"
Agreed and changed to your proposed wording.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
In comp.lang.javas cript message <Ro************ ********@telcov e.net>,
Sun, 11 Feb 2007 19:42:41, Randy Webb <Hi************ @aol.composted:
>Dr J R Stockton said the following on 2/11/2007 4:59 PM:
>In comp.lang.javas cript message <45************ ***********@new s.sunsite.
dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dot internet.be>
posted:
>>-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
In practice you can't. While you could create a suitable
encryption system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the current one is definitely flawed.
Since some authors do not have access to server-side coding. it's
not
completely helpful to put "it's always simpler to do it server-side".
It's still more helpful than giving them a bogus answer and anything
security related in javascript is bogus.
Just omit "always", and all will be well.
>The Topic is ambiguous. I think the intention may be
"How can I prevent access to a web page by using javascript?"
Agreed and changed to your proposed wording.
One can, however, protect against unauthorised viewing of the "real"
content.
<div ID=X hidden>scramble d material</div>
<div ID=Y>innocuous material</div>
<pseudojavascri pt>
something.onCli ck = function() {
Y.innerText = unscramble(X.in nerText, GetKey) }
</pseudojavascrip t>
If Key is of a "one-time-pad" nature, used by XOR, that will be totally
secure. Then, to hide, from a casual glance at the initial page, the
existence of the secret material, start the decoding by an onClick of an
element that does not look like a control.
--
(c) John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v6.05 IE 6
news:comp.lang. javascript FAQ <URL:http://www.jibbering.c om/faq/index.html>.
<URL:http://www.merlyn.demo n.co.uk/js-index.htmjscr maths, dates, sources.
<URL:http://www.merlyn.demo n.co.uk/TP/BP/Delphi/jscr/&c, FAQ items, links.
Dr J R Stockton said the following on 2/12/2007 9:44 AM:
In comp.lang.javas cript message <Ro************ ********@telcov e.net>,
Sun, 11 Feb 2007 19:42:41, Randy Webb <Hi************ @aol.composted:
>Dr J R Stockton said the following on 2/11/2007 4:59 PM:
>>In comp.lang.javas cript message <45************ ***********@new s.sunsite.
dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dot internet.be>
posted:
-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
In practice you can't. While you could create a suitable
encryption system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the current one is definitely flawed.
Since some authors do not have access to server-side coding. it's
not
completely helpful to put "it's always simpler to do it server-side".
It's still more helpful than giving them a bogus answer and anything
security related in javascript is bogus.
Just omit "always", and all will be well.
It is "all well" now for everyone but you. It is *always* simpler to do
it on the server. Well, except for people who choose not to employ
server side technologies and they have to suffer with the consequences
of thinking anything in client side Javascript is secure.
One can, however, protect against unauthorised viewing of the "real"
content.
<div ID=X hidden>scramble d material</div>
<div ID=Y>innocuous material</div>
<pseudojavascri pt>
something.onCli ck = function() {
Y.innerText = unscramble(X.in nerText, GetKey) }
</pseudojavascrip t>
If Key is of a "one-time-pad" nature, used by XOR, that will be totally
secure. Then, to hide, from a casual glance at the initial page, the
existence of the secret material, start the decoding by an onClick of an
element that does not look like a control.
Do you have a demo of this concept? It wouldn't take 5 minutes to
decipher it. And, if all it takes is a "click" on an element that does
not look like a control then simply looking at the source can tell you
what to click on to see it. Trivial to bust.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
In comp.lang.javas cript message <h7************ ********@telcov e.net>,
Mon, 12 Feb 2007 21:23:21, Randy Webb <Hi************ @aol.composted:
>Dr J R Stockton said the following on 2/12/2007 9:44 AM:
>In comp.lang.javas cript message <Ro************ ********@telcov e.net>,
Sun, 11 Feb 2007 19:42:41, Randy Webb <Hi************ @aol.composted:
>>Dr J R Stockton said the following on 2/11/2007 4:59 PM:
In comp.lang.javas cript message <45************ ***********@new s.sunsite.
dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dot internet.be>
posted:
-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
>
In practice you can't. While you could create a suitable
encryptio n system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the current one is definitely flawed.
Since some authors do not have access to server-side coding. it's
not
completely helpful to put "it's always simpler to do it server-side".
It's still more helpful than giving them a bogus answer and anything
security related in javascript is bogus.
Just omit "always", and all will be well.
It is "all well" now for everyone but you. It is *always* simpler to do
it on the server. Well, except for people who choose not to employ
server side technologies
Agreed.
and they have to suffer with the consequences of thinking anything in
client side Javascript is secure.
Non sequitur.
>One can, however, protect against unauthorised viewing of the "real"
content.
<div ID=X hidden>scramble d material</div>
<div ID=Y>innocuous material</div>
<pseudojavascr ipt>
something.onCl ick = function() {
Y.innerText = unscramble(X.in nerText, GetKey) }
</pseudojavascrip t>
If Key is of a "one-time-pad" nature, used by XOR, that will be
totally
secure. Then, to hide, from a casual glance at the initial page, the
existence of the secret material, start the decoding by an onClick of an
element that does not look like a control.
Do you have a demo of this concept? It wouldn't take 5 minutes to
decipher it.
If a full one-time-pad approach is used, which means that the "password"
must be as long is the encoded text, *nothing* can break the encoding
(not counting intercepting the password; but that does not need to be
transmitted over the Net.
And, if all it takes is a "click" on an element that does not look
like a control then simply looking at the source can tell you what to
click on to see it. Trivial to bust.
Certainly. I wrote "casual glance" for a reason. Of course, one can
also put a "decode" button that will amuse the simple-minded, giving
innocuous output. Remember "The Purloined Letter"? Have you yet
noticed any quasi-hidden links on my site?
--
(c) John Stockton, Surrey, UK. REPLYyyww merlyn demon co uk Turnpike 6.05.
Web <URL:http://www.uwasa.fi/~ts/http/tsfaq.html-Timo Salmi: Usenet Q&A.
Web <URL:http://www.merlyn.demo n.co.uk/news-use.htm: about usage of News.
No Encoding. Quotes precede replies. Snip well. Write clearly. Mail no News.
Dr J R Stockton said the following on 2/13/2007 7:59 AM:
<snip>
Have you yet noticed any quasi-hidden links on my site?
I think I looked at your site last in 1999 or 2000 (or somewhere there
abouts). Nothing there was interesting/important to me then and I doubt
it is now. So, to answer you question, no, as I don't care to look at
your site.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
In comp.lang.javas cript message <ZI************ ********@telcov e.net>,
Wed, 14 Feb 2007 21:22:44, Randy Webb <Hi************ @aol.composted:
>Dr J R Stockton said the following on 2/13/2007 7:59 AM:
<snip>
>Have you yet noticed any quasi-hidden links on my site?
I think I looked at your site last in 1999 or 2000 (or somewhere there
abouts). Nothing there was interesting/important to me then and I doubt
it is now. So, to answer you question, no, as I don't care to look at
your site.
As I rather suspected. No doubt Santayana would have been able to make
a suitable remark.
--
(c) John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v6.05 MIME.
Web <URL:http://www.merlyn.demo n.co.uk/- FAQish topics, acronyms, & links.
Plaintext, quoting : see <URL:http://www.usenet.org. uk/ukpost.html>
Do not Mail News to me. Before a reply, quote with ">" or "" (SoRFC1036)
Dr J R Stockton said the following on 2/15/2007 6:19 PM:
In comp.lang.javas cript message <ZI************ ********@telcov e.net>,
Wed, 14 Feb 2007 21:22:44, Randy Webb <Hi************ @aol.composted:
>Dr J R Stockton said the following on 2/13/2007 7:59 AM:
<snip>
>>Have you yet noticed any quasi-hidden links on my site?
I think I looked at your site last in 1999 or 2000 (or somewhere there
abouts). Nothing there was interesting/important to me then and I doubt
it is now. So, to answer you question, no, as I don't care to look at
your site.
As I rather suspected.
I am happy to have not disappointed you(not that it really matters a
whole lot to me *what* you think of me). But, after reading almost 10
years of your biased ignorant garbage I have no need - nor desire - to
read any more of it on a web site. Perhaps you should do some research
on Aircraft Carrier's and apply some common sense every now and then. It
might make your site worth reading.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
In practice you can't. While you could create a suitable
encryption system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the...
|
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
With clientside Javascript you can't as your code is distributed
in source form and is easily readable. With JScript, there is the
Script Encoder (see MSDN), but this is nothing more than obfuscation.
Disabling the right mouse button also does...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
