473,395 Members | 2,253 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > how secure is this script?

Join Bytes to post your question to a community of 473,395 software developers and data experts.

How secure is this script?

[HTML]<tr><td colspan=2 align=center><font size="+2"><b>Members-Only Area!</b></font></td></tr>
<tr><td>Username:</td><td><select name=memlist>
<option value='x'>
<option value='John Smith|42691|NGLOQEMM'>John Smith
<option value='Peter Jones|52219|GNLVAPMV'>Peter Jones
<option value='Sue Brown|18215|PXAPGWKY'>Sue Brown
<option value='Sally West|64403|NUIRTURT'>Sally West
</select></td></tr>
<tr><td>Password:</td><td><input type=password size=10 maxlength=8 name=pass></td></tr>
<tr><td colspan=2 align=center><input type=button value="Login" onclick="check(this.form)"></td>
</tr>
</table>
</form>
[/HTML]
Expand|Select|Wrap|Line Numbers
  1. <SCRIPT LANGUAGE="JavaScript">
  2. <!-- Begin
  3. var params=new Array(4);
  4. var alpha="ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI";
  5. function check(form) {
  6. which=form.memlist.selectedIndex;
  7. choice = form.memlist.options[which].value+"|";
  8. if (choice=="x|") {
  9. alert("Please Select Your Name From The List");
  10. return;
  11. }
  12. p=0;
  13. for (i=0;i<3;i++) {
  14. a=choice.indexOf("|",p);
  15. params[i]=choice.substring(a,p);
  16. p=a+1;
  17. }
  18. h1=makehash(form.pass.value,3);
  19. h2=makehash(form.pass.value,10)+" ";
  20. if (h1!=params[1]) {
  21. alert("Incorrect Password!"); return; };
  22. var page="";
  23. for (var i=0;i<8;i++) {
  24. letter=params[2].substring(i,i+1)
  25. ul=letter.toUpperCase();
  26. a=alpha.indexOf(ul,0);
  27. a-=(h2.substring(i,i+1)*1);
  28. if (a<0) a+=26;
  29. page+=alpha.substring(a,a+1); };
  30. top.location=page.toLowerCase()+".html";
  31. }
  32. function makehash(pw,mult) {
  33. pass=pw.toUpperCase();
  34. hash=0;
  35. for (i=0;i<8;i++) {
  36. letter=pass.substring(i,i+1);
  37. c=alpha.indexOf(letter,0)+1;
  38. hash=hash*mult+c;
  39. }
  40. return(hash);
  41. }
  42. // End -->
  43. </script>
Sep 11 '07 #1
4 1470
dmjpro
2,476 2GB
Hey!
Welcome to TSDN!
Be specific and use Code Tags while you do Post.
Be more specific about your Problem.

Kind regards,
Dmjpro.
Sep 11 '07 #2
im not too sure what you mean by "code tags" i thought they were already included in what i posted.

I got the code from another javascript site and basically what it does is encrypt pasword | page.html for each user you choose. Users can be directed to the same page or each to a different page as you choose. What i dont know seeing that i pretty much know nothing about javascript is how easy this is to decode.
Sep 11 '07 #3
gits
5,390 Expert Mod 4TB
hi ...

code tags are wrapped around your posted code to format and syntax-highlight it:

for example:

[CODE=javascript]
code goes here
[/code]

kind regards
Sep 11 '07 #4
acoder
16,027 Expert Mod 8TB
I got the code from another javascript site and basically what it does is encrypt pasword | page.html for each user you choose. Users can be directed to the same page or each to a different page as you choose. What i dont know seeing that i pretty much know nothing about javascript is how easy this is to decode.
Anything on the client-side is relatively easy to decode especially for someone determined.

In your code, someone just needs to reverse the process of makehash() and they have the required passwords and URLs.

The solution is to code all login on the server-side.
Sep 11 '07 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

6
Secure Database Systems
by: Sarah Tanembaum | last post by:
I was wondering if it is possible to create a secure database system using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc)...
PHP
1
Secure downloads - how to link to file?
by: deko | last post by:
I use a download script to allow users to download files that are not in a publicly accessible directory. The files should only be downloadable from a secure page which only authenticated users...
PHP
6
Secure Python code - volunteers for code review?
by: andrew blah | last post by:
Hello I have recently released catchmail - a free (BSD license) open source Python utility www.users.bigpond.net.au/mysite/catchmail.htm This script processes in and outbound emails and stores...
Python
5
This page contains both secure and non secure items.
by: A.M | last post by:
Hi, My ASP.NET application uses SSL on IIS6. up on visiting some pages, IE 6 shows this security alert: This page contains both secure and non secure items. Do you want to display non-secure...
ASP.NET
2
How to secure downloads for authenticated users?
by: deko | last post by:
I have files on my Apache web server that are NOT in publicly accessible space. I want to make these files available for download only to authenticated users. I currently use a download script...
PHP
2
Embedding secure scripting language in PHP (req PHP internals expert)
by: Nemon | last post by:
I need to expose some scripting functionality to novice users in a project of mine. What i wonderd was if anyone knew a way of executing secure PHP from within a PHP script or an alternative...
PHP
31
Secure Python
by: Fredrik Tolf | last post by:
Hi List! I was thinking about secure Python code execution, and I'd really appreciate some comments from those who know Python better than I do. I was thinking that maybe it could be possible...
Python
14
Secure login tutorial
by: knal | last post by:
Hi there, I'm looking for a secure login script for a sort-of-community site... (PHP, MySQL, sessions, or maybe something else ... ) I know there are a lot of scripts out there, but none of them...
PHP
3
Secure page problem
by: tshad | last post by:
I have a problem with a page I am trying to secure. It has a flash object as well as a couple of 3rd party objects used for tracking use of the page. I keep getting a message saying that there are...
ASP.NET
1
SQL Server 2005 SSIS Script Help - XML Secure Pull in to DB table
by: rmsterling | last post by:
All, Subject : SQL Server 2005 SSIS Script Help - XML Secure Pull in to DB table I was wondering if any of you could help me with something..... I want to design a SSIS script that will pull...
Microsoft SQL Server
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!