473,411 Members | 2,184 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > two password problems

Join Bytes to post your question to a community of 473,411 software developers and data experts.

Two Password Problems

Problem 1
=======

I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur at
writing JavaScript).

It works fine in my tests when using Firefox but when I load the page in
Internet Explorer it causes an error. (I am using the newest version 7 - the
one that keeps crashing!). Somehow when you click on the button to ask for
access to the page it doesn't prompt you for the password and a message
about not trusting scripts appears (but you can't get to it to say yes).

My test page is at www.uk.f2s.com/testhtm.htm and the password is "test".

The Java script I inserted is:

<script>
//We will first ask the user if s/he would like to continue into this
restricted area
var p=confirm("This page is for Governors only and it password protected, do
you still wish to enter?")
if(p){

<!-- Set Password here -->
var ans="test"

<!-- Enter Password here -->
var pass=prompt("Please enter the password")

<!-- Responses to Password here -->
if(pass!==ans)
{

<!-- User clicks on 'Cancel' -->
alert("Sorry that's wrong - you will now be returned to our home page!")
window.location="http://www.st-louismiddle.suffolk.sch.uk"

<!-- User enters correct password -->
}else{window.location="http://www.uk.f2s.com"}

<!-- User enters incorrect password -->
}else{alert("You will be returned to our home page")
window.location="http://www.st-louismiddle.suffolk.sch.uk"}
</script>

Problem 2
=======

I want asterisks to appear when the password is entered and not have the
characters appear on the screen but I don't know how to do it in JavaScript.
If anyone knows of a webpage that will help I would be very grateful.

Any help appreciated.

Noel
Nov 20 '06 #1
3 2693

Noel S Pamfree wrote:
Problem 1
=======

I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur at
writing JavaScript).
If you want security, then your friend is going about it the wrong way.
This method is easy to circumvent. For example, I can either turn
javascript off, or look at the source code to get the password.
Problem 2
=======

I want asterisks to appear when the password is entered and not have the
characters appear on the screen but I don't know how to do it in JavaScript.
If anyone knows of a webpage that will help I would be very grateful.
Don't use prompts to ask for a password. Use forms instead. There is
a password type input control which does this for you:

<input type = "password">

Handle your authentication server-side.

Nov 20 '06 #2
Noel S Pamfree wrote:
I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur
at writing JavaScript).
The client is the wrong place to try to put security.
<script>
Invalid HTML.
<!-- Set Password here -->
var ans="test"

<!-- Enter Password here -->
var pass=prompt("Please enter the password")
<!-- Responses to Password here -->
if(pass!==ans)
So "If user types in something other than the password they can see by using
View Source in their browser."...
alert("Sorry that's wrong - you will now be returned to our home page!")
Punish them for their slight typo by sending them back to the start.
<!-- User enters correct password -->
}else{window.location="http://www.uk.f2s.com"}
Otherwise send them to the secret URL they can find out by viewing source.
<!-- User enters incorrect password -->
}else{alert("You will be returned to our home page")
Otherwise? The script can never get here.
Any help appreciated.
Find out what facilities your webserver has for password protection. It
likely has some facility for HTTP Basic Authentication built it, and may
have server side scripting facilities with which you can do fancier login
systems.

If it doesn't have such functionality - find better hosting, or give up on
the idea of security.

--
David Dorward <http://blog.dorward.me.uk/ <http://dorward.me.uk/>
Home is where the ~/.bashrc is
Nov 20 '06 #3
Noel S Pamfree wrote:
Problem 1
=======

I need to create a page for a friend who operates a school website. She
needs to set up a page so that only the Governors can access it. I thought
I'd try to use JavaScript to prompt for a password. (I am only an amateur at
writing JavaScript).

It works fine in my tests when using Firefox but when I load the page in
Internet Explorer it causes an error. (I am using the newest version 7 - the
one that keeps crashing!). Somehow when you click on the button to ask for
access to the page it doesn't prompt you for the password and a message
about not trusting scripts appears (but you can't get to it to say yes).

My test page is at www.uk.f2s.com/testhtm.htm and the password is "test".

The Java script I inserted is:

<script>
//We will first ask the user if s/he would like to continue into this
restricted area
var p=confirm("This page is for Governors only and it password protected, do
you still wish to enter?")
if(p){

<!-- Set Password here -->
var ans="test"

<!-- Enter Password here -->
var pass=prompt("Please enter the password")

<!-- Responses to Password here -->
if(pass!==ans)
{

<!-- User clicks on 'Cancel' -->
alert("Sorry that's wrong - you will now be returned to our home page!")
window.location="http://www.st-louismiddle.suffolk.sch.uk"

<!-- User enters correct password -->
}else{window.location="http://www.uk.f2s.com"}

<!-- User enters incorrect password -->
}else{alert("You will be returned to our home page")
window.location="http://www.st-louismiddle.suffolk.sch.uk"}
</script>

Problem 2
=======

I want asterisks to appear when the password is entered and not have the
characters appear on the screen but I don't know how to do it in JavaScript.
If anyone knows of a webpage that will help I would be very grateful.
I believe the following solves both of your problems:

<form onSubmit="return false;" name="f">
<input type="password" name="pw">
<input type="button" value="LOGIN"
onClick="window.location.href = document.f.pw.value + '.htm'">
</form>

If your password were G5yH2iKJ, then the protected page should be named
G5yH2iKJ.htm.

Directory browsing is turned off at uk.f2s.com, which is a Conditio
Sine Qua Non before using this kind of authentication.

Suppose that the user enters a bad password, he will get a
page-not-found error (404). I see two possible solutions:

(1) Use .htaccess directive: Create a file named .htaccess, put
"ErrorDocument 404 /errors/404.html" in it (one line) and upload it to
the directory that points to www.uk.f2s.com. If there is already a
..htaccess file, just add "ErrorDocument 404 /errors/404.html" as a new
line at the bottom of it. /errors/404.html thus becomes the location to
catch page-not-found errors, like www.uk.f2s.com/notexist.htm.

(2) Before invoking the window.location.href command, send a
XMLHttpRequest to fetch the HTTP status code. This way one could
perform the location change (URL exists) or show an error to the user
(bad password, URL doesn't exist). Search for "Does a url exist?" on
http://www.jibbering.com/2002/4/httprequest.html for the recommended
way to perform such a check.

Hope this helps,

--
Bart

Nov 22 '06 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
MySql 4.1.1 Password problem - client can't connect
by: Marc | last post by:
Hello, Newbie here..... Searching and working this for a week now. We too are having the same problems. Using MySql 4.0.14 and there are "no problems" at all.
PHP
4
Minimum & Maximum for username/password
by: Lobang Trader | last post by:
Hi all, I am trying to create a username and a password class. I would like to know what are the RECOMMENDED minimum and maximum length for both fields? These fields will be something like...
Java
0
mysql password() & unix crypt password...
by: aars | last post by:
Hello all, I am creating a user administration system where system administrator can activate services for a user, like webspace, a mail account or a subdomain. I now want to create a...
MySQL Database
0
how to store the password in the ENCRYPT form using castor jdo
by: Senthil Kannan | last post by:
Hi all, Currently i have a FORM_BASED Authentication of tomcat5.0 to store and retrieve passwords in my homepage.Now when i try to Store my password in a encrypted form i am having some problems,i...
MySQL Database
5
I just ran /usr/bin/mysql_install_db and it told me to set a password for the MySQL root USER. I cannot.
by: MLH | last post by:
I'm supposed to set a password for the MySQL root user. The output of mysql_install_db instructed me to run the following commands... /usr/bin/mysqladmin -u root -h appserver password mynwewpasswd...
MySQL Database
6
SP3a and strong password problem
by: John Morgan | last post by:
I urgently need tom use SP3a upgrade the instance of SQLServer200 MSDE runing on my local machine but I am having problems in doing so. My first problem is that when I start the set up procedure...
Microsoft SQL Server
1
Changing lost SA password
by: patrickshroads | last post by:
I just started a new job and no one seems to know the SA password. Here's my plan to change it: 1. I've run a trace for a couple of days to verify that there are no jobs or processes that are...
Microsoft SQL Server
0
Problems with random password generation
by: Adam Carpenter | last post by:
Hello, I am having some problems with these functions which are to be part of the forgotten password system for a website. I am sure it is something simple but I can't see it. I would be...
Visual Basic .NET
2
changing the ASPNET password
by: =?Utf-8?B?c3RhZ2VybGVp?= | last post by:
We would like to change the password for the ASPNET account on our W2k3 servers running IIS 6.0 and .NET 1.1. Will we run into problems? Is there a way to determine the current password, in case...
ASP.NET
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!