本站首页    管理页面    写新日志    退出

The Neurotic Fishbowl

[web developer center]Five Most Common Coding Errors
snowrose 发表于 2007/9/16 15:19:42

from link:http://javascript.about.com/od/hintsandtips/a/worst_2.htm <2>Password Protection: The second biggest mistake people starting out with Javascript make is to try to use it to set up a password protected area on their site. What most people creating such scripts tend to forget is that Javascript is open source and therefore anyone with a decent knowledge of Javascript can read your Javascript code to find out what the password is that it is testing for (no matter how it is encrypted). There are a couple of ways that you can make the password protection slightly more effective with Javascript such as not coding it in the script but having the password as the name of the file containing the page or alternatively by encoding it within the password protected page itself but even these methods can be bypassed. The other disadvantage of such methods is that they only allow you to set one password instead of one per person. Once the password becomes known to those you don't want accessing the page your only option is to change the password and let everyone you do want to have access what the new password is. Of course there is nothing to stop them all telling their friends so you can expect that at least some people who are not supposed to have access to the page will know the new password within a few minutes of when you set it. If you want real password protection on your web site then use the server side options that you have available rather than trying to use Javascript. Server side solutions are at least potentially secure from anyone trying to break into your site

阅读全文(1825) | 回复(0) | 编辑 | 精华

 



发表评论:
昵称:
密码:
主页:
标题:
验证码:  (不区分大小写,请仔细填写,输错需重写评论内容!)

 
 



The Neurotic Fishbowl

.: 公告




Bloginess

«August 2025»
12
3456789
10111213141516
17181920212223
24252627282930
31

.: 我的分类(专题)

首页(130)
RIA(22)
linux(3)
J2EE(24)
the mood of everyday(58)
oral English(14)
database(2)
soap(3)
java(9)
web developer center(14)


In the Bowl

.: 最新日志

倾情奉献iphone、ipod、ipho
check ipad's rotatio
css position fixed d
field validation whe
常见浏览器cookie个数和大小限制说明
人类无法抗拒的10种心理,学会它,就能控
读as3cookbook 有感
flex builder linux s
Component returned f
use tramp in emacs i


.: 最新回复

replcica watches
replcica watches
Dell spikes game sit
回复:人类无法抗拒的10种心理,学会它,
回复:人类无法抗拒的10种心理,学会它,
回复:flex builder linu
回复:人类无法抗拒的10种心理,学会它,
回复:人类无法抗拒的10种心理,学会它,
回复:致女人------摘自读者
回复:虚心接受别人的意见,谨慎改正


The Fishkeeper
blog名称:up forever
日志总数:130
评论数量:274
留言数量:4
访问次数:1947386
建立时间:2006年5月25日



Text Me

.: 留言板

签写新留言

参观
这个界面很漂亮!
我试试吧
up forever
该换了!


Other Fish in the Sea

.: 链接


http://blogger.org.cn/blog/more.asp?name=hongrui&id=16955

邢红瑞 

http://niegc.cublog.cn/  聂国聪

http://www.blogjava.net/SteelHand/ 铁手剑谱

http://blog.sina.com.cn/qianqq 糖qq

http://blog.csdn.net/misty_wish   师弟

http://www.bbxy.net/xiaoyu/ Goteet老师

http://www.chinaitpower.com    中国it动力

http://jinyuxi.blog.sohu.com/ 靳羽西




lvetica, sans-serif; MARGIN: 0px 0px 8px; PADDING-BOTTOM: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px } DIV.blogrollmain { FONT: 12px verdana, arial, helvetica, sans-serif } BLOCKQUOTE { COLOR: #202020; FONT: 11px verdana, arial, helvetica, sans-serif } .tinyfont { FONT: 9px verdana, arial, helvetica, sans-serif } TD { COLOR: #202020; FONT-FAMILY: verdana; FONT-SIZE: 12px } .title { COLOR: #996897; FONT-FAMILY: verdana, sans-serif; FONT-SIZE: 10pt; FONT-WEIGHT: bold } .titlefont { COLOR: #996897; FONT-FAMILY: verdana, sans-serif; FONT-SIZE: 14px; FONT-STYLE: italic } .titlefontarch { BORDER-BOTTOM: 1px solid; BORDER-LEFT: 1px solid; BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; COLOR: #996897; FONT-FAMILY: verdana, sans-serif; FONT-SIZE: 14px; TEXT-ALIGN: center; WIDTH: 100% } .menu_text { COLOR: #c1ae94; FONT-FAMILY: Verdana, Arial, sans-serif; FONT-SIZE: 10px; MARGIN-BOTTOM: 1px } .links { FONT-FAMILY: Verdana, Arial, sans-serif; FONT-SIZE: 11px } .smallfont { COLOR: #202020; FONT-FAMILY: Verdana, Arial, sans-serif; FONT-SIZE: 11px; MARGIN: 0px } A:link { COLOR: #996897; TEXT-DECORATION: none } A:visited { COLOR: #996897; TEXT-DECORATION: none } A:hover { BACKGROUND-COLOR: #996897; COLOR: #610862; TEXT-DECORATION: underline } A { TEXT-DECORATION: none } .content { WIDTH: auto } .dateheader { MARGIN: 0px; PADDING-BOTTOM: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px; POSITION: relative; WIDTH: auto; Z-INDEX: 3; min-width: 120px } .wbtn1 { BACKGROUND-COLOR: #ffffff; BORDER-BOTTOM: #996897 1px solid; BORDER-LEFT: #996897 1px solid; BORDER-RIGHT: #996897 1px solid; BORDER-TOP: #996897 1px solid; COLOR: #996897; FONT-FAMILY: verdana, arial geneva; FONT-SIZE: 7pt; TEXT-DECORATION: none } .calendar { PADDING-BOTTOM: 4px; PADDING-LEFT: 4px; PADDING-RIGHT: 4px; PADDING-TOP: 4px; TEXT-ALIGN: center } .calhead { BACKGROUND-COLOR: #ffffff; BORDER-BOTTOM: gray 1px solid; COLOR: black; TEXT-ALIGN: center; VERTICAL-ALIGN: middle; WIDTH: 14% } .calbody { BORDER-BOTTOM: 1px solid; TEXT-ALIGN: center; VERTICAL-ALIGN: middle; WIDTH: 14% } .style2 {color: #996897}
本站首页    管理页面    写新日志    退出

The Neurotic Fishbowl

[web developer center]Five Most Common Coding Errors
snowrose 发表于 2007/9/16 15:19:42

from link:http://javascript.about.com/od/hintsandtips/a/worst_2.htm <2>Password Protection: The second biggest mistake people starting out with Javascript make is to try to use it to set up a password protected area on their site. What most people creating such scripts tend to forget is that Javascript is open source and therefore anyone with a decent knowledge of Javascript can read your Javascript code to find out what the password is that it is testing for (no matter how it is encrypted). There are a couple of ways that you can make the password protection slightly more effective with Javascript such as not coding it in the script but having the password as the name of the file containing the page or alternatively by encoding it within the password protected page itself but even these methods can be bypassed. The other disadvantage of such methods is that they only allow you to set one password instead of one per person. Once the password becomes known to those you don't want accessing the page your only option is to change the password and let everyone you do want to have access what the new password is. Of course there is nothing to stop them all telling their friends so you can expect that at least some people who are not supposed to have access to the page will know the new password within a few minutes of when you set it. If you want real password protection on your web site then use the server side options that you have available rather than trying to use Javascript. Server side solutions are at least potentially secure from anyone trying to break into your site

阅读全文(1825) | 回复(0) | 编辑 | 精华

 



发表评论:
昵称:
密码:
主页:
标题:
验证码:  (不区分大小写,请仔细填写,输错需重写评论内容!)

 
 



The Neurotic Fishbowl

.: 公告




Bloginess

«August 2025»
12
3456789
10111213141516
17181920212223
24252627282930
31

.: 我的分类(专题)

首页(130)
RIA(22)
linux(3)
J2EE(24)
the mood of everyday(58)
oral English(14)
database(2)
soap(3)
java(9)
web developer center(14)


In the Bowl

.: 最新日志

倾情奉献iphone、ipod、ipho
check ipad's rotatio
css position fixed d
field validation whe
常见浏览器cookie个数和大小限制说明
人类无法抗拒的10种心理,学会它,就能控
读as3cookbook 有感
flex builder linux s
Component returned f
use tramp in emacs i


.: 最新回复

replcica watches
replcica watches
Dell spikes game sit
回复:人类无法抗拒的10种心理,学会它,
回复:人类无法抗拒的10种心理,学会它,
回复:flex builder linu
回复:人类无法抗拒的10种心理,学会它,
回复:人类无法抗拒的10种心理,学会它,
回复:致女人------摘自读者
回复:虚心接受别人的意见,谨慎改正


The Fishkeeper
blog名称:up forever
日志总数:130
评论数量:274
留言数量:4
访问次数:1947386
建立时间:2006年5月25日



Text Me

.: 留言板

签写新留言

参观
这个界面很漂亮!
我试试吧
up forever
该换了!


Other Fish in the Sea

.: 链接


http://blogger.org.cn/blog/more.asp?name=hongrui&id=16955

邢红瑞 

http://niegc.cublog.cn/  聂国聪

http://www.blogjava.net/SteelHand/ 铁手剑谱

http://blog.sina.com.cn/qianqq 糖qq

http://blog.csdn.net/misty_wish   师弟

http://www.bbxy.net/xiaoyu/ Goteet老师

http://www.chinaitpower.com    中国it动力

http://jinyuxi.blog.sohu.com/ 靳羽西




站点首页 | 联系我们 | 博客注册 | 博客登陆

Sponsored By W3CHINA
W3CHINA Blog 0.8 Processed in 0.031 second(s), page refreshed 144777298 times.
《全国人大常委会关于维护互联网安全的决定》  《计算机信息网络国际联网安全保护管理办法》
苏ICP备05006046号