Password Protected HTHL5 LocalStorage Security?
Apr 21, 2011
I've just started my venture into HTML5 localStorage. I now have a javascript my server sends to those who visit my ip address. I store all their data using localStorage. I have a few security questions regarding the HTML5 localStorage situation:
1. Can a script that did not create the local storage retrieve/modify the localStorage of another script just by guessing the key maliciously or unintentionally?
2. Can another script use the clear() method to remove my scripts data? Edit: I just tried this myself. And, yes, I deleted my data, all of it with clear() using a different script. Is there any way to prevent this? Is it only my end that will be able to do it or could I load a script from a site has a hidden clear() method and destory all other javascript apps data?
3. If item (2) is true, any ideas on how to protect my scripts data for the user from the clear method?
4. if item (2) is false, cool, my first idea is to create a uniqnue string random string and ask the user to creat a password to encrpt that string and just use that string with enumeration added to it for the keys.
5. Does anyone know where localData is stored? Is it encrypted already, in plain text, in well-known or hidden location?
View 6 Replies
ADVERTISEMENT
Aug 15, 2010
I want to make a page on a [URL] site (meaning no SS scripting) that is password protected. The problem is I have no idea how to make it to where someone can't see the password. The best I could think of would be:
if (password=="p455burrito") {
window.open(/*blabla*/);
}
But then someone could easily check the source code (even if I put the variable in another file or anything, it could still be seen). So someone redirected me to the Bravenet password protection, but I don't know how to make it redirect to a page that is protected by the password. If I put the password code on the page and log in, it redirects me where it's supposed to go, but I can still just go to the page myself and it's not protected.
How would I do this with just what [URL] allows?
I was checking out the more advanced Javascript tutorials and was thinking that cookies would be appropriate for this situation.
Also, I did search and I found things like this: [URL]
Which are easy to get through if you know how to look through the source code.
View 5 Replies
View Related
Jul 20, 2005
I am trying to hide my JavaScript source. The method I chose was to
keep all the important source in a password protected folder, and then
use a SRC="folder/script.js" to include it in my code. This way, the
script will run, but the user will be unable to view the included
code. Or so I think :).
I have tried this method, and it seems to work. However, I would like
to know if you can see any problems with this. For instance, can you
think of a way to bypass this and get at script.js? Can you foresee
any problems that would arise as a result of keeping scripts behind
password protected folders? Any other security concerns?
View 22 Replies
View Related
Apr 2, 2011
1. place name in heading tag provided2. locate script tag and create a cookie named password and assign to its value the user's entry into the pWord text box.3. test the file by opening the file and entering the password "hello" and see if you are able to enter the password protected page. test using the password "goodbye" and you should not be able to enter the page.Someone please help asap, I am including an attachment with a zip file with the page I am working on and the follow up page.
View 3 Replies
View Related
Nov 12, 2005
Password Strength meter: Looking at ways of improving site security:
[url] is a great security feature (in my humble opinion) and I seem to think Ebay, Hotmail, or maybe Amazon use a similar tool. It looks at a proposed password, counts the upper and lower case characters used as well as the use of numerical and other symbols such as #@~? Etc. then rates the password on its perceived unbreakability. Thus it encourages users to use a strong password and therefore improves the security on my site and maybe on other sites too
So far I have linked to this site with success, but I would like to integrate the feature into my site. Does anyone have the code or something similar?
View 2 Replies
View Related
Jul 26, 2011
i have created one simple login form with 5 fields namely username,email id,password,retype password and phone no.i have created alert message for each function,so that when there is an error it displays alert message..now i have to replace all alert messages with inline validation(displays errors beside textbox).
<code>
<html>
<head>
[code]....
View 4 Replies
View Related
Jul 28, 2011
below is the code for simple login form having fields username,email id,password,retype password and phone no. i have done inline validation forcheckName() .i am not getting for the other fields can u tell me how to do it..
Code:
<html>
<head>
[code]....
View 6 Replies
View Related
Apr 28, 2010
I'm having trouble getting two password boxes to work on the same page, which I created using the JavaScript Kit Encrypted Password Generator [URL].
I've used the code that this generator produces, with some modifications as given by cheesebagpipe [URL]. These changes enable the user to press the keyboard's enter key to submit the password (as an alternative to clicking the submit button), and will also refocus the text box and select the text in it if the user enters the wrong password.
The code works fine on pages with just one box (e.g. [URL]), but what changes are needed to make two work on the same page? (I'm new to web design and clueless when it comes to JavaScript, which I know isn't the most secure method of password protection, but will do for now).
At the moment, on pages with two boxes (e.g. [URL]), neither of the boxes work; this appears in the address bar instead: [URL] ('help!'=whatever has been entered in the text box).
The full code for both boxes is given below.
<div id="passwordBoxes">
<div id="password2">
<form name="password1" onsubmit="submitentry();return false;">
<span class="WhiteLogin">Keyboard classes login</span>
[Code].....
View 6 Replies
View Related
Feb 15, 2010
I want to validate new password with repeat password befor user press submit.
<p align="center">To reset your password, provide your current password</p>
<form id="form1" name="form1" method="post" action="pcq.php">
<table border="0" align="center" class="mytable2" style="margin-left:175px" >
<tr>
[Code].....
View 6 Replies
View Related
Nov 23, 2005
Given this simplified to the min constructor:
function jsFileManager(mode) {
this.mode = mode;
}
If there a way to make jsFileManager.mode property as final protected.
Other words, it can be set only once diring the objects initialization
and it is accessible only to the inner methods of jsFileManager
conctructor?
View 3 Replies
View Related
May 8, 2011
How would you make a password feild and a retype password feild and they have to be the same?
View 15 Replies
View Related
Aug 28, 2008
This is a secure solution for password protection with JavaScript. It works by encrypting the password and the content. Nothing is revealed in the source code, and it cannot be beaten by disabling JavaScript.
The download contains three files:
Protect Content.html lets you generate your own protected content.
Demo.html is a protected document, and as long as it remains unbroken, it's your proof that this software works. You can also use it as a template for your own protected pages.
Demo, with hint.html is another protected document that tells you the password. This is meant to show that the first demo is not a trick or a fake.
View 14 Replies
View Related
Jul 12, 2010
So i am working on a piece that using local storage and saves them to an un ordered list. I have been using Chrome for the console and inspector abilities and it has been going well. I've tested it before in Safari and Opera and I know it works. However, in Firefox (and IE but I don't care about that) I am getting a console error.
Here is the code being executed:
There is some jQuery thrown in there but basically it says, test for a localStorage key of i, if it is not null create the list item, add one to i and repeat.
I am getting the following error in firefox only:
Index or size is negative or greater than the allowed amount" code: "1 [Break on this error] while (localStorage.key(i) != null)
View 3 Replies
View Related
Mar 21, 2011
I've been experimenting with Local Storage. I can do things like this just fine:
But if I do this:
...then place it in local storage, reading it back gives me a TEXT STRING that says "[Object object]" and not the actual object.
I would like to be able to store multiple values in one object, but it doesn't seem to work.
I also tried to store a variable obtained with "document.getElementById" and when read back it just says [HTMLDivElement] (something like that) instead of the actual element.
Am I doing something wrong, or does local storage not support objects? (btw, tested on FF 3.6).
View 4 Replies
View Related
Sep 19, 2011
How do I check to see if HTML5 localstorage is empty?
I don't need to know what's inside just if there is anything inside.
Code:
This is returning empty all the time.
View 1 Replies
View Related
Jun 9, 2011
I want to be able to automatically filter certain characters a user is typing in either an input field or a textara and automatically convert them to it's equivalent html entity. I've looked at .keypress, which will give me the character they typed, but I have no idea where in the box they have typed it.
View 3 Replies
View Related
Jun 7, 2011
I'm attempting to track changes to values I've stored in the localStorage object. From everything thing I've read, this is done by adding a "storage" event listener to the window object but the test file I made doesn't seem to fire the event. I was under the impression that there was pretty good support for this (although I do realize the spec is still under revision).
Code:
if(localStorage) {
// Set Item
button1 = document.createElement("input");
[Code].....
I create two buttons on the page - the first to write a value to localStorage (which works) and the second to clear all values from localStorage (also works). The problem is the event just does not want to fire for me. Even if I set the event on the window's "onstorage" property rather than use addEventListener, no event fires. I've tried in the most recent Chrome, Firefox and Safari browsers.
View 2 Replies
View Related
Nov 26, 2005
I've recently been following the object-oriented techiques discussed
here and have been testing them for use in a web application. There is
problem that I'd like to discuss with you experts.
I would like to produce Javascript classes that can be "subclassed"
with certain behaviors defined at subclass time. There are plenty of
ways to do this through prototyping and other techniques, but these
behaviors need to be static and protected. By protected this means
that they can be overridden (or reassigned) in subclasses, and
privileged subclass methods can access them, but callers external to
the class cannot.
I've been attempting to define a factory function that transfers its
parameters to an anonymous object while defining the constructor in a
-with- block. (This is what I'm loosely referring to as "subclassing"
- it's really object composition.) This works, but not for
externally-defined functions. They can't see the protected static
members....
View 11 Replies
View Related
Nov 27, 2010
For a calendar project implemented with pure HTML/CSS/JS I need to access local data files (.ICS). These ICS/iCal data has to be accessed also by other applications (eg. sync, backup, etc).Can anyone point to a possible solution to use HTML5 compatible calls (or jQ plugin) AND how to access the localStorage files also from the other apps.
View 2 Replies
View Related
Jul 7, 2010
How to convert my cookie script over to HTML 5 LocalStorage.
Here's my cookie script:
View 1 Replies
View Related
Oct 14, 2010
I've recently written a small javascript library that creates a unified interface for localStorage and sessionStorage.
The code is here[URL]... I'm looking for people to give me feedback and to help me work on it should you so wish.
View 3 Replies
View Related
Sep 14, 2011
Im playing with HTML5 LocalStorage and it seems pretty straight forward for the most part. Load the page with the following to insert the test values.
Code:
localStorage.setItem("artist-0", "0"); //saves to the database, key/value
localStorage.setItem("artist-1", "1");
localStorage.setItem("artist-2", "2");
localStorage.setItem("artist-3", "3");
[Code]...
View 5 Replies
View Related
Dec 13, 2011
I've been using localStorage to store a large amount of data (> 5mb). I know that most browsers limit localStorage to 5mb. However, on the specification site it states,
Quote:
User agents may prompt the user when quotas are reached, allowing the user to grant a site more space. This enables sites to store many user-created documents on the user's computer, for instance.
Is this available yet? If so, how would I use it?
View 3 Replies
View Related
Jan 24, 2011
How do I tell my password function to have input type="password" onfocus. I also want the text "Password" to disappear onfocus.
[Code]...
View 8 Replies
View Related
Sep 1, 2005
According to a financial website I tried to access without javascript:
"the site uses JS for security reasons."
How would using JS improve security?
View 15 Replies
View Related
Jan 30, 2006
I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?
Is there a way, that if the person clicks the back button or access a
browser history, how can I make sure that the latest page is displayed
instead of just the cache. Or, clicking the back/history should
refresh that page.
View 8 Replies
View Related
