I need a scheme to give people password access to JavaScript quizzes that
I have.
I've done a lot of programming but almost no JS.
Probably one password per person for each of five tests.
I suspect I will be maintaining the lists but if there is a *very* easy
routine that an end user could use it would be nice.
It usually takes more than five visits to get this guy up on anything new.
Any ideas where I might find such a beast?
I've been looking but with little luck so far. 10 2707
In article <d6************ ***********@bgt nsc05-news.ops.worldn et.att.net>,
"Mike Painter" <md*********@at t.net> writes: I need a scheme to give people password access to JavaScript quizzes that I have. I've done a lot of programming but almost no JS.
Use a server side language (PHP, ASP, Server Side Javascript, etc.) Anything
you try to do in the browser, with regards to multiple users/passwords, will
fail.
Although Jim Ley showed me a page that is "password protected" that is pretty
spiffy. I have yet to break it. But, it doesn't contain the password in the
page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite easily.
--
Randy
"HikksNotAtHome " <hi************ @aol.com> wrote in message
news:20******** *************** ****@mb-m10.aol.com... In article <d6************ ***********@bgt nsc05-news.ops.worldn et.att.net>, "Mike Painter" <md*********@at t.net> writes:
I need a scheme to give people password access to JavaScript quizzes
thatI have. I've done a lot of programming but almost no JS. Use a server side language (PHP, ASP, Server Side Javascript, etc.)
Anything you try to do in the browser, with regards to multiple users/passwords,
will fail.
Although Jim Ley showed me a page that is "password protected" that is
pretty spiffy. I have yet to break it. But, it doesn't contain the password in
the page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite
easily.
Granted if the person is willing to work at it and has the skills and the
password is in the page and they can see the page and the encryption is
simple enough they can break it.
For that type I would probably use the simplest method I've seen and use the
name of the file as the password. Assuming they can't see what's on the
server that's about as secure as you can get.
99.999% of the people who will be taking these quizzes would be better off
studying or looking the answers up in the book.
Hi,
Mike Painter wrote: "HikksNotAtHome " <hi************ @aol.com> wrote in message news:20******** *************** ****@mb-m10.aol.com...
In article <d6************ ***********@bgt nsc05-news.ops.worldn et.att.net>, "Mike Painter" <md*********@at t.net> writes:
I need a scheme to give people password access to JavaScript quizzes that I have. I've done a lot of programming but almost no JS.
Use a server side language (PHP, ASP, Server Side Javascript, etc.)
Anything
you try to do in the browser, with regards to multiple users/passwords,
will
fail.
Although Jim Ley showed me a page that is "password protected" that is
pretty
spiffy. I have yet to break it. But, it doesn't contain the password in
the
page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite
easily.
Granted if the person is willing to work at it and has the skills and the password is in the page and they can see the page and the encryption is simple enough they can break it.
For that type I would probably use the simplest method I've seen and use the name of the file as the password. Assuming they can't see what's on the server that's about as secure as you can get.
99.999% of the people who will be taking these quizzes would be better off studying or looking the answers up in the book.
Then don't password protect them. If you do, you insult the intelligence
of those who are able to find the password. Just let them be responsible
for their own failure if they choose to look for the answers in the
page. It's not your problem anymore.
Anything you do on the client (even your file name = password trick) can
be easily defeated.
Laurent
--
Laurent Bugnion, GalaSoft
Webdesign, Java, javascript : http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch
Laurent Bugnion, GalaSoft wrote: Hi,
Mike Painter wrote:
"HikksNotAtHome " <hi************ @aol.com> wrote in message news:20******** *************** ****@mb-m10.aol.com...
In article <d6************ ***********@bgt nsc05-news.ops.worldn et.att.net>, "Mike Painter" <md*********@at t.net> writes:
I need a scheme to give people password access to JavaScript quizzes
that
I have. I've done a lot of programming but almost no JS.
Use a server side language (PHP, ASP, Server Side Javascript, etc.)
Anything
you try to do in the browser, with regards to multiple users/passwords,
will
fail.
Although Jim Ley showed me a page that is "password protected" that is
pretty
spiffy. I have yet to break it. But, it doesn't contain the password in
the
page, the password is a key to decrypting the page.
If the password is in the page, then it can/will be broken, and quite
easily.
Granted if the person is willing to work at it and has the skills and the password is in the page and they can see the page and the encryption is simple enough they can break it.
For that type I would probably use the simplest method I've seen and use the name of the file as the password. Assuming they can't see what's on the server that's about as secure as you can get.
99.999% of the people who will be taking these quizzes would be better off studying or looking the answers up in the book.
Then don't password protect them. If you do, you insult the intelligence of those who are able to find the password. Just let them be responsible for their own failure if they choose to look for the answers in the page. It's not your problem anymore.
Anything you do on the client (even your file name = password trick) can be easily defeated.
Laurent
Actually, you can use javascript to securely password protect a page.
But the effort to maintain such a page is excessive.
In article <ix************ *****@bignews6. bellsouth.net>, Jerry Park
<No*****@No.Spa m> writes: Actually, you can use javascript to securely password protect a page. But the effort to maintain such a page is excessive.
And have the password in the page? Or are you referring to something like Jim
gave me? I can't find the link but the password was the key to the crypto. If
the password is in the page, its trivial to defeat it though.
--
Randy
"HikksNotAtHome " <hi************ @aol.com> wrote in message
news:20******** *************** ****@mb-m14.aol.com... In article <ix************ *****@bignews6. bellsouth.net>, Jerry Park <No*****@No.Spa m> writes:
Actually, you can use javascript to securely password protect a page. But the effort to maintain such a page is excessive. And have the password in the page? Or are you referring to something like
Jim gave me? I can't find the link but the password was the key to the crypto.
If the password is in the page, its trivial to defeat it though. -- Randy
Assume these lines are in the body of the text:
***********
It may seem easy for some to find a password. However for most people the
job can be very difficult. At some point the user will give up before
finding it.
This especially true if the pages include files that don't appear on the
page.
***********
What is the password? (And it's not password?)
"Laurent Bugnion, GalaSoft" <galasoft-LB@bluewin_NO_S PAM.ch> wrote in
message news:bk******** **@rex.ip-plus.net... Hi, <snip> Anything you do on the client (even your file name = password trick) can be easily defeated.
How can it be easily defeated?
In article <Qd************ ***********@bgt nsc04-news.ops.worldn et.att.net>,
"Mike Painter" <md*********@at t.net> writes: Assume these lines are in the body of the text: *********** It may seem easy for some to find a password. However for most people the job can be very difficult. At some point the user will give up before finding it. This especially true if the pages include files that don't appear on the page. *********** What is the password? (And it's not password?)
OK, let me clarify what I said, so we aren't splitting words. If the password
is in the code, and defined as the password, then its trivial to defeat.
Meaning, you can obfuscate it, but if its defined in the code as being the
password, so that script can compare what the user inputs to it, then its
trivial to defeat.
Can you make it hard enough that most people will give up? Sure. Can you make
it impossible? Not if the password is defined in the code as being the password
(The crypto page doesn't have it defined in the page, its used as the key to
the crypto).
If you want a secure system, do it on the server. And not even that is entirely
"secure" but it beats the heck out of javascript security.
--
Randy
Hi,
Mike Painter wrote: "Laurent Bugnion, GalaSoft" <galasoft-LB@bluewin_NO_S PAM.ch> wrote in message news:bk******** **@rex.ip-plus.net...
Hi, <snip> Anything you do on the client (even your file name = password trick) can be easily defeated.
How can it be easily defeated?
Some browsers allow seeing everything on your server. It's then pretty
easy to find all the files it contains, and to load them.
If you have access to the server, it's very easy to set up password
protected directories for your users, and this way is much safer than
anything you can do on the client. Check htaccess in Google for details.
Of course, any security scheme can be defetaed eventually, but at least
you won't look like a fool for doing it on the client ;-)
Laurent
--
Laurent Bugnion, GalaSoft
Webdesign, Java, javascript : http://www.galasoft-LB.ch
Private/Malaysia: http://mypage.bluewin.ch/lbugnion
Support children in Calcutta: http://www.calcutta-espoir.ch This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Lou |
last post by:
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will
redirect the specific user to a specific directory.
At the moment I have set up htaccess which is fine but can only
protect one directory unless I put htaccess on each directory which I
think is a bit long winded, but is there any other way I can do this
with using only one password script?
Any info would be greatly...
|
by: juglesh |
last post by:
<body><div align="center">
<?php
if (!isset($password)){
?><form action="<?php $_SERVER; ?>" method="post">
type password here <input name="password" type="text" size="8"> then
<input name="submit" type="submit">
</form>
<?php
die;
}
|
by: Max |
last post by:
Hello all,
I am trying to protect a page within my site with a JS password
scheme.
Now I know JS can be quite easily "circumvented", but I came by a code
below.
My question is:
1. Is there a way to find a password for this script? How easily?
2. Is there a stronger scheme available in JS?
|
by: Eagle35 |
last post by:
any one now any good java/Html for password pages so i can protect some
pages??
Thanks
|
by: Borked Pseudo Mailed |
last post by:
Seeking feedback on Password Protection via Java/JavaScript ONLY (no cgi):
SEE:
http://online_tools.home.att.net/tools.html
*AND*
http://online_tools.home.att.net/extraCode.htm
Thanks.
| |
by: Frank L |
last post by:
I have some accounting and tax receipting type applications, developed
for charitable and non profit groups, that are exhibiting strange
behaviour on a few of the 30 or 40 user machines.
When some users (about 3 or 4 it seems) close the frontend db the Access
database password prompt appears. Users can just Cancel the pw prompt
(or enter the correct password) and the db will then close.
On the MS Office forum I found a post that...
|
by: Miro |
last post by:
Why Password protect an MDB when someone can google and get a hack?
Wondering if anyone else has thought of this and just said "oh well"...
I plan to password protect an MDB where I have some system/program variables
and data.
But looking in google, there are plenty of programs a user can download to
hack and crack that password.
|
by: btopenworld |
last post by:
Hi
I have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page
requiring protection: uses session - works fine
B) On quick test sites or temporary stuff I use the Windows Network
Authentication provided by my web host. A whole folder is protected at once
which is very convenient but it has a problem. If a user types the wrong
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
|
by: Greg (codepug |
last post by:
If one converts that .mdb into an .mde the code is secure but the
tables can still be imported.
Just for Very Basic protection, I have placed a Password on the
database using the "Set Database Password" option. Now it requires
that the password be entered each time you start the database. How do
I enter the Password using code, so that the database starts up
without having to type it in ??? I notice that there is a way in code
to set...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |