 |  |  |  |  |  |  |  |
External Javascript File
Please support our JavaScript / DHTML / AJAX advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
Hello! I'm just learning JavaScript and I was wondering if clients can view external JavaScript files? I would like to (potentially) use JavaScript to validate passwords to log into my site. Would this work/ is there a better way?
•
•
Join Date: Jan 2009
Posts: 1,361
Reputation: 
Solved Threads: 164
yes, the javascript filename is referenced in the html in clear
validation is done securely on the server. php or Ajax -javascript+php- are possible approaches.
google ajax validation
javascript is good for confirming the form of the password, before it is validated, a javascript searching for blank saves ajax calls to the server
google javascript validation
but unless you are https: connected the password and files are in clear between user and server anyway.
md5 hash the password in the browser and compare the hash value with the a stored hash on the server, harder, but not impossible to crack.
but, unless your are making a
Mad
Industrial
Scientists
Taking
A
Killing
Edge,
secret site,
how secure does the password need to be
<script language="javascript" type="text/javascript" src="http://www.-mysite-.com/script.js"></script> anyone typing that src into a browser can read the javascriptvalidation is done securely on the server. php or Ajax -javascript+php- are possible approaches.
google ajax validation
javascript is good for confirming the form of the password, before it is validated, a javascript searching for blank saves ajax calls to the server
google javascript validation
but unless you are https: connected the password and files are in clear between user and server anyway.
md5 hash the password in the browser and compare the hash value with the a stored hash on the server, harder, but not impossible to crack.
but, unless your are making a
Mad
Industrial
Scientists
Taking
A
Killing
Edge,
secret site,
how secure does the password need to be
Last edited by almostbob; Feb 12th, 2009 at 12:54 pm.
Failure is not an option It's included free, you don't have to do anything to get it
If at first you dont succeed, join the club
Of course its always in the last place you look, you dont keep looking after you find it
Please mark solved problems, solved
If at first you dont succeed, join the club
Of course its always in the last place you look, you dont keep looking after you find it
Please mark solved problems, solved
Thank you almostbob! I will look into those solutions. Ha I just figure secure passwords are a common courtesy for users.
•
•
Join Date: Jan 2009
Posts: 1,361
Reputation:
Solved Threads: 164
Security through obscurity
you cant be totally secure but you can be obscure
can use a password in the form that isnt called 'password' to stall sniffers
encrypt the password entered and only send the encryption to be compared with the encryption stored on the server. thats ideal use for javascript onSubmit(some md5/crypt script)
Ya do the same on your newuser script so when the user creates themselves the password is never sent, only its encryption.
many sites say 'we cant recover your password, but we can reset it', and make you reset your password again when they send you a string
but you cant validate in the browser, else you would have to download a large amount of secure information to every user, some of whom may be malicious
you cant be totally secure but you can be obscure
can use a password in the form that isnt called 'password' to stall sniffers
encrypt the password entered and only send the encryption to be compared with the encryption stored on the server. thats ideal use for javascript onSubmit(some md5/crypt script)
Ya do the same on your newuser script so when the user creates themselves the password is never sent, only its encryption.
many sites say 'we cant recover your password, but we can reset it', and make you reset your password again when they send you a string
but you cant validate in the browser, else you would have to download a large amount of secure information to every user, some of whom may be malicious
Failure is not an option It's included free, you don't have to do anything to get it
If at first you dont succeed, join the club
Of course its always in the last place you look, you dont keep looking after you find it
Please mark solved problems, solved
If at first you dont succeed, join the club
Of course its always in the last place you look, you dont keep looking after you find it
Please mark solved problems, solved
|
Similar Threads
- passing html input to js file??? (JavaScript / DHTML / AJAX)
- worked in one file, not in the other??? (JavaScript / DHTML / AJAX)
- Connecting To External Javascript File (JavaScript / DHTML / AJAX)
- Including header file using HTML (HTML and CSS)
- external javascript (JavaScript / DHTML / AJAX)
Other Threads in the JavaScript / DHTML / AJAX Forum
- Previous Thread: Ajax Updater
- Next Thread: About Document
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest JavaScript / DHTML / AJAX Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
acid2 ajax ajaxcode ajaxhelp animate automatically beta box bug calendar captcha cart checkbox child class column cookies createrange() css cursor decimal design dom download dropdown editor element engine enter error events explorer file focus form forms frameworks google gwt html htmlform ie8 iframe image() images index internet java javascript jawascriptruntimeerror jquery jsf jsfile jump listbox math matrixcaptcha menu microsoft mimic mp4 object onmouseoutdivproblem onmouseover onreadystatechange parent pdf php player post problem progressbar prototype rated rating regex runtime scale scroll search select session shopping size sql star starrating stars text textarea validation w3c web website window windowofwords windowsxp wysiwyg xml \n
