[thelist] password protection
Rob Keniger
rob at bigbang.net.au
Sat Nov 18 19:00:43 CST 2000
on 11/19/00 10:34 AM, aardvark at roselli at earthlink.net wrote:
> FWIW, javascript password protection is an oxymoron...
>
> it's javascript obfuscation at best... it can be defeated in a couple
> seconds, or minutes if you're tired... there is no security there...
By using an off-line javascript function to run a one-way hash on a password
and then storing only the hash in the live code, you can have reasonable
protection. By reasonable protection, I mean that the the page is
unprotected if someone were to guess the name of the file, but other than
that, one-way hashing is an extremely difficult password scheme to break
unless you have hundreds of hours of computer time to spare.
I agree it is NOT suitable for protection of data that MUST be secure but it
is an excellent deterrent for pages that are "semi-secret". Very quick to
implement too.
I do not use this method personally but I can see that it has its uses.
--
Rob Keniger
big bang solutions
<mailto:rob at bigbang.net.au>
<http://www.bigbang.net.au>
More information about the thelist
mailing list