[thelist] hiding a password in a simple javascript prompt box
Dean Mah
dsmah at home.com
Thu Sep 14 08:01:51 CDT 2000
Lisa Bartholomew writes:
> So I have set up a very simple javascript that prompts the user for
> the password. If you go to view source you can however can find out
> what the password is.
You can also see the URL that you are going to once the password has
been entered correctly... You can by password entering the password
entirely and go straight to that page.
> What I would like to know is is there any way that it can be hidden
> from view or not?
Notwithstanding the above, you could use a one-time encryption process
on the correct password, store it in the JS source, then encrypt the
password that the user enters from the page with the same algorithm,
and compare the two. So even if someone sees the password, it's of no
use to them (ignoring dictionary attacks).
Dean
More information about the thelist
mailing list