Hello! I'm just learning JavaScript and I was wondering if clients can view external JavaScript files? I would like to (potentially) use JavaScript to validate passwords to log into my site. Would this work/ is there a better way?

Recommended Answers

All 3 Replies

yes, the javascript filename is referenced in the html in clear <script language="javascript" type="text/javascript" src="http://www.-mysite-.com/script.js"></script> anyone typing that src into a browser can read the javascript
validation is done securely on the server. php or Ajax -javascript+php- are possible approaches.
google ajax validation
javascript is good for confirming the form of the password, before it is validated, a javascript searching for blank saves ajax calls to the server
google javascript validation
but unless you are https: connected the password and files are in clear between user and server anyway.
md5 hash the password in the browser and compare the hash value with the a stored hash on the server, harder, but not impossible to crack.
but, unless your are making a
secret site,
how secure does the password need to be

Thank you almostbob! I will look into those solutions. Ha I just figure secure passwords are a common courtesy for users.

Security through obscurity
you cant be totally secure but you can be obscure
can use a password in the form that isnt called 'password' to stall sniffers
encrypt the password entered and only send the encryption to be compared with the encryption stored on the server. thats ideal use for javascript onSubmit(some md5/crypt script)
Ya do the same on your newuser script so when the user creates themselves the password is never sent, only its encryption.
many sites say 'we cant recover your password, but we can reset it', and make you reset your password again when they send you a string
but you cant validate in the browser, else you would have to download a large amount of secure information to every user, some of whom may be malicious

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.