Is this Javascript password protection safe enough?

For everything that's not in any way related to PureBasic. General chat etc...
Post Reply
User avatar
utopiomania
Addict
Addict
Posts: 1655
Joined: Tue May 10, 2005 10:00 pm
Location: Norway

Is this Javascript password protection safe enough?

Post by utopiomania »

Hello :) I've pieced together the html below to allow access to certain pages on a site if the
right password is entered, but wonder if it's possible for search engines to bypass the protection by
indexing the hidden pages and linking directly to them :?:

The pages are not linked to, nor do they contain links to other pages except possibly
files stored in the same folders.

This is the 'Enter Password' page. Save as 'gate.htm'. Open and enter '1234' then click ok:

Code: Select all

<html>
<head><title>Password</title>
</head>

<script language=JavaScript>

function load(page)
{
	location=page+".htm"
}
</script>

<body text=#8080ff>
<form>
<br>
<center><h3>Enter Password:</h3>
	<input name=edt type=password size=20>
	<input name=btn type=button value=" O k " OnClick=load(this.form.edt.value)>
</form>
</body></html>
save as '1234.htm'. This is the page opened if the password is correct:

Code: Select all

<html>
<head><title>Inside</title>
</head>

<body text=#8080ff>
<br>
	<center><h3>You're inside!</h3>
</body></html>
Last edited by utopiomania on Thu Aug 25, 2005 11:45 pm, edited 1 time in total.
Top
Jellybean
User
User
Posts: 95
Joined: Wed Aug 24, 2005 7:33 pm

Post by Jellybean »

Theoretically it should be safe, but not in reality. :wink:
Top
PB
PureBasic Expert
PureBasic Expert
Posts: 7581
Joined: Fri Apr 25, 2003 5:24 pm

Re: Is this Javascrip password protection safe enough?

Post by PB »

Put this on an URL so I can test it... :)
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
Top
ricardo
Addict
Addict
Posts: 2438
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Re: Is this Javascrip password protection safe enough?

Post by ricardo »

utopiomania wrote:Hello :) I've pieced together the html below to allow access to certain pages on a site if the
right password is entered, but wonder if it's possible for search engines to bypass the protection by
indexing the hidden pages and linking directly to them :?:
If thats you only concer, use robots.txt to avoid searchengines to fetch it. Also i that pages are not linked, searchengines will not find it even if you want it to fetch those pages.
[/quote]
ARGENTINA WORLD CHAMPION
Top
User avatar
utopiomania
Addict
Addict
Posts: 1655
Joined: Tue May 10, 2005 10:00 pm
Location: Norway

Post by utopiomania »

@PB, I'll do that in a few days. :)

@Ricardo,
Also if that pages are not linked, searchengines will not find it even if you want it to fetch those pages.
Great, I don't want them to fetch the protected pages, but ,ehh.. whats robot.txt?? :oops:
Top
Dare2
Moderator
Moderator
Posts: 3321
Joined: Sat Dec 27, 2003 3:55 am
Location: Great Southern Land

Post by Dare2 »

Robots.txt is a file that search engines use. It tells them where they can/should/should not go.

http://www.searchengineworld.com/robots ... torial.htm

It will work for legit engines but baddies just ignore it.

You can also use metatags with "NOFOLLOW" arguments.

But best is behind the scenes checking using cookies, etc.

Out on a limb here: If your site has password protection the SE should not be able to get past it without attempting to crack it. So unless you have links to your protected pages in other public pages that make them accessible (in which case anyone can get there) then it should be ok. Some SE don't (maybe this has changed) even bother to attempt tp follow form submission links.
@}--`--,-- A rose by any other name ..
Top
Post Reply

Return to “Off Topic”