-----------------------------------------------------------------------
FAQ Topic - How can I protect a webpage in javascript?
-----------------------------------------------------------------------
In practice you can't. While you could create a suitable
encryption system with a password in the page, the level of
support you need to do this means it's always simpler to do it
server-side. Anything that "protects" a page other
than the current one is definitely flawed.
===
Postings such as this are automatically sent once a day. Their
goal is to answer repeated questions, and to offer the content to
the community for continuous evaluation/improvement. The complete
comp.lang.javascript FAQ is at http://jibbering.com/faq/index.html.
The FAQ workers are a group of volunteers.
In comp.lang.javascript message <45***********************@news.sunsite.dk>,
Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dotinternet.be> posted:
>-----------------------------------------------------------------------
>FAQ Topic - How can I protect a webpage in javascript?
>-----------------------------------------------------------------------
>In practice you can't. While you could create a suitable encryption system with a password in the page, the level of support you need to do this means it's always simpler to do it server-side. Anything that "protects" a page other than the current one is definitely flawed.
Since some authors do not have access to server-side coding, it's not
completely helpful to put "it's always simpler to do it server-side".
The Topic is ambiguous. I think the intention may be
"How can I prevent access to a web page by using javascript?"
--
(c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 MIME.
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
Plaintext, quoting : see <URL:http://www.usenet.org.uk/ukpost.html>
Do not Mail News to me. Before a reply, quote with ">" or "" (SoRFC1036)
Dr J R Stockton said the following on 2/11/2007 4:59 PM:
>In comp.lang.javascript message <45***********************@news.sunsite.dk>,
>Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dotinternet.be> posted:
>>-----------------------------------------------------------------------
>>FAQ Topic - How can I protect a webpage in javascript?
>>-----------------------------------------------------------------------
>>In practice you can't. While you could create a suitable encryption system with a password in the page, the level of support you need to do this means it's always simpler to do it server-side. Anything that "protects" a page other than the current one is definitely flawed.
>Since some authors do not have access to server-side coding, it's not
>completely helpful to put "it's always simpler to do it server-side".
It's still more helpful than giving them a bogus answer and anything
security related in javascript is bogus.
>The Topic is ambiguous. I think the intention may be
>"How can I prevent access to a web page by using javascript?"
Agreed and changed to your proposed wording.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
In comp.lang.javascript message <Ro********************@telcove.net>,
Sun, 11 Feb 2007 19:42:41, Randy Webb <Hi************@aol.com> posted:
>Dr J R Stockton said the following on 2/11/2007 4:59 PM:
>>In comp.lang.javascript message <45***********************@news.sunsite.dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dotinternet.be> posted:
>>>-----------------------------------------------------------------------
>>>FAQ Topic - How can I protect a webpage in javascript?
>>>-----------------------------------------------------------------------
>>>In practice you can't. While you could create a suitable encryption system with a password in the page, the level of support you need to do this means it's always simpler to do it server-side. Anything that "protects" a page other than the current one is definitely flawed.
>>Since some authors do not have access to server-side coding, it's not completely helpful to put "it's always simpler to do it server-side".
>It's still more helpful than giving them a bogus answer and anything security related in javascript is bogus.
Just omit "always", and all will be well.
>>The Topic is ambiguous. I think the intention may be "How can I prevent access to a web page by using javascript?"
>Agreed and changed to your proposed wording.
One can, however, protect against unauthorised viewing of the "real"
content.
<div ID=X hidden>scrambled material</div>
<div ID=Y>innocuous material</div>
<pseudojavascript>
something.onClick = function() {
Y.innerText = unscramble(X.innerText, GetKey) }
</pseudojavascript>
If Key is of a "one-time-pad" nature, used by XOR, that will be totally
secure. Then, to hide, from a casual glance at the initial page, the
existence of the secret material, start the decoding by an onClick of an
element that does not look like a control.
--
(c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 IE 6
news:comp.lang.javascript FAQ <URL:http://www.jibbering.com/faq/index.html>.
<URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/TP/BP/Delphi/jscr/&c, FAQ items, links.
Dr J R Stockton said the following on 2/12/2007 9:44 AM:
>In comp.lang.javascript message <Ro********************@telcove.net>,
>Sun, 11 Feb 2007 19:42:41, Randy Webb <Hi************@aol.com> posted:
>>Dr J R Stockton said the following on 2/11/2007 4:59 PM:
>>>In comp.lang.javascript message <45***********************@news.sunsite.dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dotinternet.be> posted:
>>>>-----------------------------------------------------------------------
>>>>FAQ Topic - How can I protect a webpage in javascript?
>>>>-----------------------------------------------------------------------
>>>>In practice you can't. While you could create a suitable encryption system with a password in the page, the level of support you need to do this means it's always simpler to do it server-side. Anything that "protects" a page other than the current one is definitely flawed.
>>>Since some authors do not have access to server-side coding, it's not completely helpful to put "it's always simpler to do it server-side".
>>It's still more helpful than giving them a bogus answer and anything security related in javascript is bogus.
>Just omit "always", and all will be well.
It is "all well" now for everyone but you. It is *always* simpler to do
it on the server. Well, except for people who choose not to employ
server side technologies and they have to suffer with the consequences
of thinking anything in client side Javascript is secure.
>One can, however, protect against unauthorised viewing of the "real"
>content.
><div ID=X hidden>scrambled material</div>
><div ID=Y>innocuous material</div>
><pseudojavascript>
>something.onClick = function() {
>Y.innerText = unscramble(X.innerText, GetKey) }
></pseudojavascript>
>If Key is of a "one-time-pad" nature, used by XOR, that will be totally
>secure. Then, to hide, from a casual glance at the initial page, the
>existence of the secret material, start the decoding by an onClick of an
>element that does not look like a control.
Do you have a demo of this concept? It wouldn't take 5 minutes to
decipher it. And, if all it takes is a "click" on an element that does
not look like a control then simply looking at the source can tell you
what to click on to see it. Trivial to bust.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
In comp.lang.javascript message <h7********************@telcove.net>,
Mon, 12 Feb 2007 21:23:21, Randy Webb <Hi************@aol.com> posted:
>Dr J R Stockton said the following on 2/12/2007 9:44 AM:
>>In comp.lang.javascript message <Ro********************@telcove.net>, Sun, 11 Feb 2007 19:42:41, Randy Webb <Hi************@aol.com> posted:
>>>Dr J R Stockton said the following on 2/11/2007 4:59 PM:
>>>>In comp.lang.javascript message <45***********************@news.sunsite.dk>, Sun, 11 Feb 2007 00:00:02, FAQ server <ja********@dotinternet.be> posted:
>>>>>-----------------------------------------------------------------------
>>>>>FAQ Topic - How can I protect a webpage in javascript?
>>>>>-----------------------------------------------------------------------
>>>>>In practice you can't. While you could create a suitable encryption system with a password in the page, the level of support you need to do this means it's always simpler to do it server-side. Anything that "protects" a page other than the current one is definitely flawed.
>>>>Since some authors do not have access to server-side coding, it's not completely helpful to put "it's always simpler to do it server-side".
>>>It's still more helpful than giving them a bogus answer and anything security related in javascript is bogus.
>>Just omit "always", and all will be well.
>It is "all well" now for everyone but you. It is *always* simpler to do it on the server. Well, except for people who choose not to employ server side technologies
Agreed.
>and they have to suffer with the consequences of thinking anything in client side Javascript is secure.
Non sequitur.
>>One can, however, protect against unauthorised viewing of the "real" content.
>><div ID=X hidden>scrambled material</div>
>><div ID=Y>innocuous material</div>
>><pseudojavascript>
>>something.onClick = function() {
>>Y.innerText = unscramble(X.innerText, GetKey) }
>></pseudojavascript>
>>If Key is of a "one-time-pad" nature, used by XOR, that will be totally secure. Then, to hide, from a casual glance at the initial page, the existence of the secret material, start the decoding by an onClick of an element that does not look like a control.
>Do you have a demo of this concept? It wouldn't take 5 minutes to decipher it.
If a full one-time-pad approach is used, which means that the "password"
must be as long as the encoded text, *nothing* can break the encoding
(not counting intercepting the password; but that does not need to be
transmitted over the Net).
>And, if all it takes is a "click" on an element that does not look like a control then simply looking at the source can tell you what to click on to see it. Trivial to bust.
Certainly. I wrote "casual glance" for a reason. Of course, one can
also put a "decode" button that will amuse the simple-minded, giving
innocuous output. Remember "The Purloined Letter"? Have you yet
noticed any quasi-hidden links on my site?
--
(c) John Stockton, Surrey, UK. REPLYyyww merlyn demon co uk Turnpike 6.05.
Web <URL:http://www.uwasa.fi/~ts/http/tsfaq.html> - Timo Salmi: Usenet Q&A.
Web <URL:http://www.merlyn.demon.co.uk/news-use.htm> : about usage of News.
No Encoding. Quotes precede replies. Snip well. Write clearly. Mail no News.
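The one-time-pad XOR scheme sketched in the pseudocode two posts up, and the "as long as the encoded text" requirement stated in the post above, as an added JavaScript example (not code from the thread or from either poster). `scramble` and `unscramble` follow the names in the pseudocode; `xorWithPad`, `padFor`, `padReuseResidue` and the sample pad are assumptions made here. It covers the length check, why the ciphertext alone fits every text of the same length, and what is left when a pad is used twice.

```javascript
// Added illustration, not code from the thread. scramble/unscramble follow the
// names in the post's pseudocode; every other name here is an assumption.
const enc = new TextEncoder();
const dec = new TextDecoder();

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
const fromHex = (hex) =>
  Uint8Array.from(hex.match(/../g) || [], (pair) => parseInt(pair, 16));

// XOR each data byte with the pad byte at the same position. A pad shorter
// than the data is refused: repeating it would stop it being a one-time pad.
function xorWithPad(data, pad) {
  if (pad.length < data.length) {
    throw new RangeError("pad must be at least as long as the text");
  }
  return data.map((b, i) => b ^ pad[i]);
}

// Text -> hex for the hidden <div>; hex -> text once the viewer supplies the pad.
function scramble(text, pad) {
  return toHex(xorWithPad(enc.encode(text), pad));
}
function unscramble(hex, pad) {
  return dec.decode(xorWithPad(fromHex(hex), pad));
}

// For any text of the same byte length there is a pad that "decodes" the
// ciphertext to it, so the ciphertext alone does not single out the real text.
function padFor(hex, wantedText) {
  return xorWithPad(fromHex(hex), enc.encode(wantedText));
}

// Two texts scrambled with the SAME pad: XORing the ciphertexts cancels the
// pad and leaves text1 XOR text2, which is why a pad is used once only.
function padReuseResidue(hexA, hexB) {
  return toHex(xorWithPad(fromHex(hexA), fromHex(hexB)));
}

// Constructed sample pad (12 bytes). A real pad is fresh random bytes, e.g.
// from crypto.getRandomValues, and is kept out of the page.
const SAMPLE_PAD = Uint8Array.of(
  0x3a, 0x91, 0x07, 0xc4, 0x5e, 0xb2, 0x68, 0x1d, 0xf0, 0x2b, 0x8c, 0x47);
const SAMPLE_HEX = scramble("real content", SAMPLE_PAD);
console.log(SAMPLE_HEX, "->", unscramble(SAMPLE_HEX, SAMPLE_PAD));
```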
Dr J R Stockton said the following on 2/13/2007 7:59 AM:
<snip>
>Have you yet noticed any quasi-hidden links on my site?
I think I looked at your site last in 1999 or 2000 (or somewhere
thereabouts). Nothing there was interesting/important to me then and I doubt
it is now. So, to answer your question, no, as I don't care to look at
your site.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
In comp.lang.javascript message <ZI********************@telcove.net>,
Wed, 14 Feb 2007 21:22:44, Randy Webb <Hi************@aol.com> posted:
>Dr J R Stockton said the following on 2/13/2007 7:59 AM:
><snip>
>>Have you yet noticed any quasi-hidden links on my site?
>I think I looked at your site last in 1999 or 2000 (or somewhere thereabouts). Nothing there was interesting/important to me then and I doubt it is now. So, to answer your question, no, as I don't care to look at your site.
As I rather suspected. No doubt Santayana would have been able to make
a suitable remark.
--
(c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 MIME.
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
Plaintext, quoting : see <URL:http://www.usenet.org.uk/ukpost.html>
Do not Mail News to me. Before a reply, quote with ">" or "" (SoRFC1036)
Dr J R Stockton said the following on 2/15/2007 6:19 PM:
>In comp.lang.javascript message <ZI********************@telcove.net>,
>Wed, 14 Feb 2007 21:22:44, Randy Webb <Hi************@aol.com> posted:
>>Dr J R Stockton said the following on 2/13/2007 7:59 AM:
>><snip>
>>>Have you yet noticed any quasi-hidden links on my site?
>>I think I looked at your site last in 1999 or 2000 (or somewhere thereabouts). Nothing there was interesting/important to me then and I doubt it is now. So, to answer your question, no, as I don't care to look at your site.
>As I rather suspected.
I am happy to have not disappointed you (not that it really matters a
whole lot to me *what* you think of me). But, after reading almost 10
years of your biased ignorant garbage I have no need - nor desire - to
read any more of it on a web site. Perhaps you should do some research
on Aircraft Carriers and apply some common sense every now and then. It
might make your site worth reading.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/