Welcome to WebmasterWorld Guest from 54.163.35.238

Forum Moderators: open

Message Too Old, No Replies

javascript and password

     

rhodopsin

12:11 pm on Nov 6, 2004 (gmt 0)

10+ Year Member



----------------------------------------
PASSWORD SCRIPT
------------------
If a visitor wants to go the the password protected page, they must first enter the correct password on the previous page. (Note: The password is the protected filename without the .html ending.)
This method is secure as long as the person cannot find out the name of all the files on your server. Is it possible to stop them knowing the names of all the files on my server?
---------------------------------------

<BODY>

<SCRIPT LANGUAGE="JavaScript">
var password = ''
password=prompt('Please enter your password:','');
if (password!= null) {
location.href= password + ".html";
}
</SCRIPT>

</BODY>

So my question is:

Is it possible for a website viewer to see all the filenames on my server? Perhaps to bring up some kind of index to see all the files on my server?

If so they would be able to crack this password system. Tragedy!

By the way - I know that server side is the way to go for security - but just humour me. I am trying to do it with javascript.

Would really appreciate some advice. Thanks guys.

adni18

12:38 am on Nov 8, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, rhodopsin: Perl and CGI can access a directory of your server, so I would not suggest using this approach.

rhodopsin

8:57 am on Nov 8, 2004 (gmt 0)

10+ Year Member



Perl and CGI can access a directory of your server

Thanks for your post mate. Just wondering what u mean by the above - I know that I can access my directories with Perl and CGI. Do u mean visitors to my website - who hypothesise a weakness and with their own server - could use Perl and CGI on their server to access my directories, on my server?

adni18

10:17 pm on Nov 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Perl and CGI scripts can be used to access folder directories, even from other websites.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month