RE: password protected webpages
by "Duncan Austin" <duncan1a(at)hotmail.com>
|
| Date: |
Wed, 05 Apr 2000 23:46:43 PDT |
| To: |
hwg-techniques(at)hwg.org |
| |
todo: View
Thread,
Original
|
|
You've named the file the same as the password. While this is fine for low
security and where you don't have users creating their own passwords, it is
not a serious solution. If a hacker sees the contents of your directory or
your ftp password is compromised your security is gone. Aslo everyone
working for tech in your isp can see it - therefore it's not good for
sensitive info.
>LoL
>
>Try to crack my JS protected password page. ;)
>
>http://www.iguy.net/JS/password.htm
>
> > -----Original Message-----
> > From: rudy limeback [SMTP:r937(at)interlog.com]
> > Sent: Wednesday, April 05, 2000 8:52 AM
> > To: Brockfamily(at)xtra.co.nz; hwg-techniques(at)hwg.org
> > Subject: Re: password protected webpages
> >
> >
> >
> > >An idea may be to try JavaScript protection, this can be made almost
> > >impossible to crack, by creating an external JavaScript that contains
> > >the stuff ( password and usernames), read the page at
> > >http://www.crosswinds.net/~wmrsite2/scripts/extpassword.html
> >
> > dear mister broccoli man
> >
> > let's try this with a real world example
> >
> > in internet explorer, type
> >
> > http://www.cnn.com/virtual/2000/code/main.js
> >
> > into the address bar
> >
> > you're asked if you want to save it to disk
> >
> > in netscape, type
> >
> > view-source:http://www.cnn.com/virtual/2000/code/main.js
> >
> > into the address bar
> >
> > you see the external source right away, dude
> >
> > not so impossible to crack, after all
> >
> > _____________
> > rudy limeback
> > http://r937.com/
> > http://evolt.org/
> >
> >
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
HWG hwg-techniques mailing list archives,
maintained by Webmasters @ IWA