Re: critique

by "Dr. George John" <georgedr(at)giasbg01.vsnl.net.in>

 Date:  Sat, 2 Sep 2000 08:53:58 +0530
 To:  <jwillmore(at)cyberia.com>,
"Sarah Trowbridge" <strowb(at)mindspring.com>,
<hwg-style(at)hwg.org>
 References:  hwg
Thanks for your input. However, someone recommended
http://www.hostedscripts.com and I have got them to password protect a page.
They seem to allow unlimited users (so far I have entered 100 users) and it
seems to be working fine. Just visit http://www.cottonians.com and try to
enter the members area. My server is not unix so the .htaccess does not
work.
George

----- Original Message -----
From: <jwillmore(at)cyberia.com>
To: Sarah Trowbridge <strowb(at)mindspring.com>; <hwg-style(at)hwg.org>
Sent: Saturday, September 02, 2000 8:52 AM
Subject: Re: critique


> I agree that this looks good.  However, please change the way you protect
> the pages.  If one were to use a "brute force" attack, one could find the
> "secret" pages lurking in the background.  I would talk to the admin and
> try and get some other form of security going - or - at the very least,
> make him aware of what you are doing.
>
> Right now, the user gets a 404 error (Page Not Found).  This, in the eyes
> of an admin, could mean anything.  If the admin saw a lot of 404 errors
> show up in the log file of the server, then at least he would know he had
> a visit from "undesirables".
>
> As developers, we cannot live with the idea that we don't have to worry
> about security.  One of the methods that "undesirables" use to gain access
> to a server is through poorly written scripts.  We have a certain
> responsibility to make sure we do our part to prevent security breaches
> from happening.
>
> You may want to use <SCRIPT src="my_script_location_here.js">.  Place your
> JavaScript in the my_script_location_here.js file.  This way, the script
> is not visible when some bright smart aleck such as myself views the
> source for your page.  The code is executed, but the content remains on
> the server - away from prying eyes.
>
> Jim
>
> > It looks fine in Opera 3.60. Of course, not being a Cottonian, I couldn't
> > get into the password-protected area. What, specifically, did you want
> > comments on in that area?
> >
> > At 07:58 AM 08/31/2000 +0530, Dr. George John wrote:
> > >Would someone look at http://www.cottonians.com, an alumni site I am
> > >in the process of putting up. I would like input from Netscape users
> > >(all versions) and Opera. Any ideas about the password protected pages
> > >using javascript. It is not a security issue really, just to get as
> > >many unregistered alumni in, and using CGI scripts may not be possible.
> >
> >
>
>
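
The log signal mentioned in the quoted reply (a run of 404 errors when page names are guessed), as an added example that is not part of the original thread: a Python sketch that flags clients producing many 404s in a short window. The Common Log Format, the threshold and window values, and the addresses and paths are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format (assumed): host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[^"\\]|\\.)*" (\d{3}) \S+')

def find_404_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each client to the time it first reached `threshold` 404s within `window`."""
    recent = defaultdict(deque)   # client -> timestamps of its recent 404s
    flagged = {}
    for line in lines:
        m = CLF.match(line)
        if not m or m.group(3) != "404":
            continue              # unparsable line or not a 404
        host = m.group(1)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[host]
        hits.append(when)
        while when - hits[0] > window:   # drop 404s that fell out of the window
            hits.popleft()
        if len(hits) >= threshold and host not in flagged:
            flagged[host] = when
    return flagged

# Constructed sample (documentation addresses, made-up paths), in time order.
SAMPLE_LOG = (
    # Ordinary visitor: one page view and one stray 404.
    ['198.51.100.7 - - [02/Sep/2000:08:50:01 +0530] "GET /index.html HTTP/1.0" 200 4120',
     '198.51.100.7 - - [02/Sep/2000:08:50:03 +0530] "GET /favicon.ico HTTP/1.0" 404 210']
    # Six misses in ten seconds: the pattern wrong password guesses produce.
    + ['192.0.2.44 - - [02/Sep/2000:08:51:%02d +0530] "GET /guess%d.html HTTP/1.0" 404 210'
       % (10 + 2 * i, i) for i in range(6)]
    # Five misses spread over four hours, e.g. a crawler following stale links.
    + ['203.0.113.9 - - [02/Sep/2000:%02d:00:00 +0530] "GET /old%d.html HTTP/1.0" 404 210'
       % (9 + i, i) for i in range(5)]
)

if __name__ == "__main__":
    for host, when in find_404_bursts(SAMPLE_LOG).items():
        print(f"{host} reached 5 404s within 60s at {when.isoformat()}")
```

Clients behind a shared proxy appear as one address, so the threshold needs tuning against normal traffic for the site.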

HWG hwg-style mailing list archives, maintained by Webmasters @ IWA