Welcome to HostingForumz.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

password to access next page

  
   Web Hosting Problem Solving Community! (Home) -> Webmaster RSS
Related Topics:
Password a link on a web page - I am wondering if anyone knows if i can password a specific link on my website while leaving other links free for viewing. If anyone knows the answer could they please email me at Really it. Thanks

Password Protecting A Web Page - Hello boy am I glad I found you. I'm in the software HTML PASSWORD 3.1 PRO. The crew at claims to have the perfect solution for password a Web page: # Use

Wrong date last home page access - This is what my google account tells me: Googlebot last accessed your home page on Aug 19, 2007. It has not been updated since. However my home page has been visited 20 times since that time and the cache date is changed every time last date..

password troubles - Hi :-) I need a piece of advice. I would like to edit an on line magazine on my website. I asked many people and many would be very in such a magazine! This magazine will not be released on paper. I would like people to pay for a 48..

password protecting - Sorry about the last post didnt realize the rich text was on. I was wondering how I can password protect some of the pages of my website. I use TRIPOD SITE BUILDER which is free but, they let you use html. I would like to be able to password protect pages
Next:  invitation to new open souirce blog  
Author Message
Scott

External


Since: Feb 12, 2008
Posts: 14



(Msg. 1) Posted: Tue Feb 12, 2008 3:50 pm
Post subject: password to access next page
Archived from groups: alt>www>webmaster (more info?)
I have this web page, right now they have to enter a password to move on to
the next page.
My problem is that the actual password is in the "view source" code.
How can I get the page to read the password without showing the password at
the same time?
-
-
Here is my code:
-
<html>

<head>

</head>

<body background=Image3.gif>

<H2>To access the OrderForm - Please enter your password</H2>

<br>

<b>System Password:</b>

<input type=password name=zzzWord size=33>

<input type=button value="Enter" onclick="Eva()">

<script language="JavaScript">
function Eva()
{
if (zzzWord.value !=""&& zzzWord.value !=null)
{
if (zzzWord.value=="THISISTHEPASSWORD")

{
document.location.href='cart1.html'
}
else
{
alert('Access Denied')
}
}
}

</script>

<br>

<H3>Orders Must Be Submitted By Property Managers or Property
Administrators</H3>

</body>

</html>

 >> Stay informed about: password to access next page 
Back to top
Login to vote
user295

External


Since: Nov 07, 2003
Posts: 366



(Msg. 2) Posted: Tue Feb 12, 2008 5:06 pm
Post subject: Re: password to access next page [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Scott wrote:

> I have this web page, right now they have to enter a password to move
> on to the next page.
> My problem is that the actual password is in the "view source" code.
> How can I get the page to read the password without showing the
> password at the same time?

Passwords should be verified in server-side code, never in your HTML or
JavaScript. As you've realized,

if (zzzWord.value=="THISISTHEPASSWORD")

is like locking the door to your house and leaving the key on *top* of
the doormat.

--
-bts
-Friends don't let friends drive Vista

 >> Stay informed about: password to access next page 
Back to top
Login to vote
comphelp

External


Since: Sep 27, 2003
Posts: 155



(Msg. 3) Posted: Tue Feb 12, 2008 10:57 pm
Post subject: Re: password to access next page [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Scott" <altglyphics RemoveThis @yahoo.com> writes:

> I have this web page, right now they have to enter a password to move on to
> the next page.
> My problem is that the actual password is in the "view source" code.
> How can I get the page to read the password without showing the password at
> the same time?

Someone could tell you how to fix your code... but this whole
authentication ball of wax is not at all trivial. There are a ton of
ways to do this wrong.

If this is an application that'll be on the internet and has any $
worth of value in teh information on that server, please take some
time to ponder doing this correctly.

http://www.owasp.org/index.php/Guide_to_Authentication

http://www.owasp.org/index.php/Guide_to_Authorization

http://www.owasp.org/index.php/Session_Management


Well-vetted middleware often provides primitive for this
functionality, and you'd be well advised to use them. If you try to
roll you own with authentication and haven't done it 10 times before,
you're almost guaranteed to do it wrong.

Best Regards,
--
Todd H.
http://www.toddh.net/
 >> Stay informed about: password to access next page 
Back to top
Login to vote
SpaceGirl

External


Since: Nov 13, 2005
Posts: 119



(Msg. 4) Posted: Wed Feb 13, 2008 12:19 am
Post subject: Re: password to access next page [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Scott wrote:
> I have this web page, right now they have to enter a password to move on to
> the next page.
> My problem is that the actual password is in the "view source" code.
> How can I get the page to read the password without showing the password at
> the same time?
> -
> -
> Here is my code:
> -
> <html>
>
> <head>
>
> </head>
>
> <body background=Image3.gif>
>
> <H2>To access the OrderForm - Please enter your password</H2>
>
> <br>
>
> <b>System Password:</b>
>
> <input type=password name=zzzWord size=33>
>
> <input type=button value="Enter" onclick="Eva()">
>
> <script language="JavaScript">
> function Eva()
> {
> if (zzzWord.value !=""&& zzzWord.value !=null)
> {
> if (zzzWord.value=="THISISTHEPASSWORD")
>
> {
> document.location.href='cart1.html'
> }
> else
> {
> alert('Access Denied')
> }
> }
> }
>
> </script>
>
> <br>
>
> <H3>Orders Must Be Submitted By Property Managers or Property
> Administrators</H3>
>
> </body>
>
> </html>
>
>

You cannot do this in the client (Web Browser). You need to write
server-side code to handle the login.

Here's an example that works in ASP:

HTML

<html>
<head>
</head>
<body>
<form method="post" action="checklogin.asp">
<label> Enter password to continue: <input type="password"
name="passwordfield" value="" /> </label>
</form>
</body>
</html>

ASP file called checklogin.asp:

<html>
<head>
</head>
<body>
<%
session("validuser") = false
if request("passwordfield") = "this_is_the_password" then
session("validuser") = true
response.redirect("url_of_page_here.asp")
else
response.write("bad password used, not gonna let you in")
end if
%>
</body>
</html>


By setting a session, you can check on any pages you create to see if
the user has entered the right password. This means you can now secure
lots of pages by adding...

<% if session("validuser") <> true then
response.redirect("intruderalertpage.asp")
%>

.... to the top of any page.

Okay so this example was ASP only, and I expect you won't get it right
away, but it demonstrates, I hope, that you really cant just hack
together some security that runs inside the browser and hope it works.
If it is in the browser, inside JavaScript, it can be hacked or bypassed
in seconds whatever you do - in other words totally pointless. You MUST
do password checking at scripts running on the server - these scripts
can never be seen by the user, and are vastly more secure. Scripts that
run on a server are invisible to a web browser - they only get the
resulting HTML output (so everything between <% and %> is only run by
the server).




--

x theSpaceGirl (miranda)

http://www.northleithmill.com

-.-

Kammy has a new home: http://www.bitesizedjapan.com
 >> Stay informed about: password to access next page 
Back to top
Login to vote
John Bokma

External


Since: Apr 27, 2005
Posts: 593



(Msg. 5) Posted: Wed Feb 13, 2008 1:34 am
Post subject: Re: password to access next page [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
SpaceGirl <nothespacegirlspam.RemoveThis@subhuman.net> wrote:

> <html>
> <head>
> </head>
> <body>
> <form method="post" action="checklogin.asp">
> <label> Enter password to continue: <input type="password"
> name="passwordfield" value="" /> </label>

The input field is no label. Also, I wouldn't recommend XHTML. Most people
use it wrong.

> if request("passwordfield") = "this_is_the_password" then

Don't store plain readable passwords if there is no need. Better, assuming
that there is a sha1() function that calculates the sha1() digest of a
string:

if sha1(request("passwordfield")) = "sha1 digest of the password" then

[1]

> pointless. You MUST do password checking at scripts running on the
> server - these scripts can never be seen by the user,

except when there is a misconfiguration. It's not hard to find real-world
examples of sites that leaked part of their scripts thanks to
misconfiguration: hence *don't store* passwords readable.

Also, quite some scripts are 644 (or 755 if they need to be executable)
this means that in a shared hosting environment, others can read it. Also,
it means that your scripts/programs might be read by hackers.

[1] Of course one has to pick the password with care, since a dictionary
attack might break the digest of simple words in, for example, an
English dictionary.

--
John Bokma http://johnbokma.com/
 >> Stay informed about: password to access next page 
Back to top
Login to vote
Jamie

External


Since: Feb 08, 2008
Posts: 36



(Msg. 6) Posted: Wed Feb 13, 2008 5:27 am
Post subject: Re: password to access next page [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
In <75562$47b20645$48316260$30066@FUSE.NET>,
"Scott" <altglyphics DeleteThis @yahoo.com> mentions:
>I have this web page, right now they have to enter a password to move on to
>the next page.
>My problem is that the actual password is in the "view source" code.
>How can I get the page to read the password without showing the password at
>the same time?

Javascript oriented solutions don't work fo the reasons you mention.

http://httpd.apache.org/docs/2.0/howto/auth.html

The .htaccess approach needs a file of username/passwords, please
keep the password file outside of webspace.

A common and easy mistake people sometimes do is place password files (those
used by the .htaccess method of apache) in webspace. If someone knew the URL
(or took a guess at it) they could fetch the password file, run a crack script
on it and break in.

For more than you ever wanted to know about the problem:
http://www.geniegate.com/art/pdf/keep-it-off-the-web.pdf


Or, for a PHP oriented soltution (I'm obviously biased):

http://www.geniegate.com/listings/dolphin/

Jamie
--
http://www.geniegate.com Custom web programming
Perl * Java * UNIX User Management Solutions
 >> Stay informed about: password to access next page 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting Problem Solving Community! (Home) -> Webmaster All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]