[thelist] password protection

Rob Keniger rob at bigbang.net.au
Sat Nov 18 19:00:43 CST 2000

on 11/19/00 10:34 AM, aardvark at roselli at earthlink.net wrote:
> FWIW, javascript password protection is an oxymoron...
> it's javascript obfuscation at best... it can be defeated in a couple
> seconds, or minutes if you're tired... there is no security there...

By using an off-line javascript function to run a one-way hash on a password
and then storing only the hash in the live code, you can have reasonable
protection. By reasonable protection, I mean that the the page is
unprotected if someone were to guess the name of the file, but other than
that, one-way hashing is an extremely difficult password scheme to break
unless you have hundreds of hours of computer time to spare.

I agree it is NOT suitable for protection of data that MUST be secure but it
is an excellent deterrent for pages that are "semi-secret". Very quick to
implement too.

I do not use this method personally but I can see that it has its uses.


Rob Keniger

big bang solutions

<mailto:rob at bigbang.net.au>

More information about the thelist mailing list