PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Is this Javascript password protection safe enough?

https://www.purebasic.fr/english/viewtopic.php?t=16499

Page 1 of 1

Is this Javascript password protection safe enough?

Posted: Thu Aug 25, 2005 7:47 pm
by utopiomania
Hello :) I've pieced together the html below to allow access to certain pages on a site if the
right password is entered, but wonder if it's possible for search engines to bypass the protection by
indexing the hidden pages and linking directly to them :?:

The pages are not linked to, nor do they contain links to other pages except possibly
files stored in the same folders.

This is the 'Enter Password' page. Save as 'gate.htm'. Open and enter '1234' then click ok:

Code: Select all

<html>
<head><title>Password</title>
</head>

<script language=JavaScript>

function load(page)
{
	location=page+".htm"
}
</script>

<body text=#8080ff>
<form>
<br>
<center><h3>Enter Password:</h3>
	<input name=edt type=password size=20>
	<input name=btn type=button value=" O k " OnClick=load(this.form.edt.value)>
</form>
</body></html>
save as '1234.htm'. This is the page opened if the password is correct:

Code: Select all

<html>
<head><title>Inside</title>
</head>

<body text=#8080ff>
<br>
	<center><h3>You're inside!</h3>
</body></html>

Posted: Thu Aug 25, 2005 8:37 pm
by Jellybean
Theoretically it should be safe, but not in reality. :wink:

Re: Is this Javascrip password protection safe enough?

Posted: Thu Aug 25, 2005 9:55 pm
by PB
Put this on an URL so I can test it... :)

Re: Is this Javascrip password protection safe enough?

Posted: Thu Aug 25, 2005 10:08 pm
by ricardo
utopiomania wrote:Hello :) I've pieced together the html below to allow access to certain pages on a site if the
right password is entered, but wonder if it's possible for search engines to bypass the protection by
indexing the hidden pages and linking directly to them :?:
If thats you only concer, use robots.txt to avoid searchengines to fetch it. Also i that pages are not linked, searchengines will not find it even if you want it to fetch those pages.
[/quote]

Posted: Thu Aug 25, 2005 10:53 pm
by utopiomania
@PB, I'll do that in a few days. :)

@Ricardo,
Also if that pages are not linked, searchengines will not find it even if you want it to fetch those pages.
Great, I don't want them to fetch the protected pages, but ,ehh.. whats robot.txt?? :oops:

Posted: Fri Aug 26, 2005 2:10 am
by Dare2
Robots.txt is a file that search engines use. It tells them where they can/should/should not go.

http://www.searchengineworld.com/robots ... torial.htm

It will work for legit engines but baddies just ignore it.

You can also use metatags with "NOFOLLOW" arguments.

But best is behind the scenes checking using cookies, etc.

Out on a limb here: If your site has password protection the SE should not be able to get past it without attempting to crack it. So unless you have links to your protected pages in other public pages that make them accessible (in which case anyone can get there) then it should be ok. Some SE don't (maybe this has changed) even bother to attempt tp follow form submission links.
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited