How secure is this script?

2 New Member
[HTML]
<tr><td colspan=2 align=center><font size="+2"><b>Members-Only Area!</b></font></td></tr>
<tr><td>Username:</td><td><select name=memlist>
<option value='x'>
<option value='John Smith|42691|NGLOQEMM'>John Smith
<option value='Peter Jones|52219|GNLVAPMV'>Peter Jones
<option value='Sue Brown|18215|PXAPGWKY'>Sue Brown
<option value='Sally West|64403|NUIRTURT'>Sally West
</select></td></tr>
<tr><td>Password:</td><td><input type=password size=10 maxlength=8 name=pass></td></tr>
<tr><td colspan=2 align=center><input type=button value="Login" onclick="check(this.form)"></td></tr>
[/HTML]
[CODE=javascript]
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
// The line defining alpha is missing from the posted listing; the 26-letter
// uppercase alphabet is assumed from the toUpperCase() calls and the a+=26 wrap.
var alpha="ABCDEFGHIJKLMNOPQRSTUVWXYZ";
function check(form) {
  which=form.memlist.selectedIndex;
  choice = form.memlist.options[which].value+"|";
  if (choice=="x|") {
    alert("Please Select Your Name From The List");
    return;
  }
  // Split "name|hash|encoded page" into params[0..2]
  p=0;
  for (i=0;i<3;i++) {
    a=choice.indexOf("|",p);
    params[i]=choice.substring(a,p);
    p=a+1;
  }
  h1=makehash(form.pass.value,3);      // compared with the stored hash
  h2=makehash(form.pass.value,10)+" "; // its digits are the per-letter shifts
  if (h1!=params[1]) {
    alert("Incorrect Password!"); return; };
  // Shift each letter of the encoded page name back by one digit of h2
  var page="";
  for (var i=0;i<8;i++) {
    letter=params[2].substring(i,i+1)
    ul=letter.toUpperCase();
    a=alpha.indexOf(ul,0);
    a-=(h2.substring(i,i+1)*1);
    if (a<0) a+=26;
    page+=alpha.substring(a,a+1); };
  top.location=page.toLowerCase()+".html";
}
// Positional hash over the first 8 characters: A=1 ... Z=26, base mult
function makehash(pw,mult) {
  pass=pw.toUpperCase();
  hash=0;
  for (i=0;i<8;i++) {
    letter=pass.substring(i,i+1);
    c=alpha.indexOf(letter,0)+1;
    hash=hash*mult+c;
  }
  return(hash);
}
// End -->
</script>
[/CODE]
Sep 11 '07 #1
2,476 Top Contributor
Welcome to TSDN!
Be specific and use Code Tags while you do Post.
Be more specific about your Problem.

Kind regards,
Sep 11 '07 #2
2 New Member
I'm not too sure what you mean by "code tags"; I thought they were already included in what I posted.

I got the code from another JavaScript site, and basically what it does is encrypt password | page.html for each user you choose. Users can be directed to the same page or each to a different page as you choose. What I don't know, seeing that I pretty much know nothing about JavaScript, is how easy this is to decode.
Sep 11 '07 #3
5,390 Recognized Expert Moderator Expert
hi ...

code tags are wrapped around your posted code to format and syntax-highlight it:

for example:

[CODE=javascript]
code goes here

kind regards
Sep 11 '07 #4
16,027 Recognized Expert Moderator MVP
I got the code from another JavaScript site, and basically what it does is encrypt password | page.html for each user you choose. Users can be directed to the same page or each to a different page as you choose. What I don't know, seeing that I pretty much know nothing about JavaScript, is how easy this is to decode.
Anything on the client-side is relatively easy to decode, especially for someone determined.

In your code, someone just needs to reverse the process of makehash() and they have the required passwords and URLs.

The solution is to code all login on the server-side.
Sep 11 '07 #5
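
Why the last reply recommends moving the check to the server, as an added example that is not part of the thread: with the multiplier 3 used for the stored hash, makehash() can only return values from 0 to 85280 and different passwords collide, whereas a server-side check can keep a salted scrypt digest that never reaches the browser. The alphabet string, every function name other than makehash, and the choice of Node.js with scrypt are assumptions.

```javascript
// Added example, not code from the thread. makehash mirrors the posted
// function; maxHash, enroll and verify are hypothetical names.
const crypto = require("node:crypto");

// Assumed alphabet (its definition is absent from the posted listing).
const alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

// The posted client-side hash, same arithmetic.
function makehash(pw, mult) {
  const pass = pw.toUpperCase();
  let hash = 0;
  for (let i = 0; i < 8; i++) {
    hash = hash * mult + alpha.indexOf(pass.substring(i, i + 1), 0) + 1;
  }
  return hash;
}

// Largest value makehash can return for a multiplier: all eight letters 'Z'.
function maxHash(mult) {
  return makehash("ZZZZZZZZ", mult);
}

// Server side: keep only a random salt and a slow scrypt digest.
function enroll(password) {
  const salt = crypto.randomBytes(16);
  return { salt, digest: crypto.scryptSync(password, salt, 32) };
}

// Recompute the digest with the stored salt; compare in constant time.
function verify(password, record) {
  const candidate = crypto.scryptSync(password, record.salt, 32);
  return crypto.timingSafeEqual(candidate, record.digest);
}

// Constructed sample values, not taken from the thread.
console.log("distinct h1 values at most:", maxHash(3) + 1);
console.log("collision:", makehash("AAAAAAAD", 3) === makehash("AAAAAABA", 3));
const record = enroll("Constructed-Sample-1");
console.log("right password:", verify("Constructed-Sample-1", record));
console.log("wrong password:", verify("constructed-sample-1", record));
```

The server would also have to check the logged-in session before serving the members page, since a page name alone is not an access control.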
