in reply to Security and JavaScript
The reason I am not just using password security is that I am doing this for a client who has trouble remembering passwords, so he keeps his passwords simple.
/me re-reads the post and sees this is already done - lol. But, I think your solution is a little overkill. If you're going to all the trouble of encrypting a random string, why bother with the password at all? When you send the request to the server for the random string, why not just lock the login to that IP? That, combined with the existing encryption ideas, would surely be enough. (unless there are other people with access to the client's machine, I suppose :)
If you just have the one client who wants access, why not create an HTML page with a form that submits to the site? Include a nice long hidden field in the form (a long password), or use JS to set a local cookie before login. Then simply get the client to save the HTML file on their hard drive and open the local page when logging in. That way there's nothing for a bot / outsider to hit.
.02
cLive ;-)
Re: Re: Security and JavaScript
by rlgarris682 (Initiate) on Apr 29, 2003 at 01:58 UTC