PDA

Click to See Complete Forum and Search --> : encrypt using javascript

bobo
08-11-2003, 05:32 AM
I want to access a image which is situation in a protected directory.
For security reason I want to encryt the password on display on the url.... so I write a javascript function as follow:

function Login(image) {
var first = "user2";
var second = "user2";
letters = "abcdefghijklmnopqrstuvwxyz/.1234567890~_:";
encrypt = new Array(
"%61","%62","%63","%64","%65","%66",
"%67","%68","%69","%6a","%6b","%6c",
"%6d","%6e","%6f","%70","%71","%72",
"%73","%74","%75","%76","%77","%78",
"%79","%7a","/","."
,"%31","%32","%33","%34","%35","%36","%37","%38",
"%39","%30","~","_","!",":");
var input = second;
hidden = "";
for(var count = 0; count < input.length; count++) {
daChar = input.charAt(count);
for (i = 0; i < letters.length; i++) {
if (daChar == letters.charAt(i)) {
hidden += encrypt[i];
break;
}
}
}
var htsite = "http://" + first + ":" + hidden + "@" + "URL of the site" + image;

return htsite;
}

When I try to display it on th HTML code it doesn't work...

<a href="javascript:Login('image.gif')" ><img border="1"
src="javascript:Login('image.gif')" width="96" height="80"></a>

Can anyone help???
:confused:
Phil Karras
08-11-2003, 11:35 AM
Sorry I'm not real clear on what you want to be able to do, however this code:

function Login(image) {
var first = "user2";
var second = "user2";
letters = "abcdefghijklmnopqrstuvwxyz/.1234567890~_:";
encrypt = new Array(
"%61","%62","%63","%64","%65","%66",
"%67","%68","%69","%6a","%6b","%6c",
"%6d","%6e","%6f","%70","%71","%72",
"%73","%74","%75","%76","%77","%78",
"%79","%7a","/","."
,"%31","%32","%33","%34","%35","%36","%37","%38",
"%39","%30","~","_","!",":");


If the Array holds the letters based on ASCII when one gets your page they get this array & once they do that they can decode your "password" - is that really what you want?

Hiding a password in JS is difficult since it is generally in the "open" for anyone to see once they have your code.

Since you have a "protected" area on your server I will assume you have server-side scripting, use one of those languages to hold the password in a database file in the protected area and use a server-side script to check the submitted PW.

Last, as far as I know only a protected server-side script can access a protected file on the server. I believe this means that even if you use a server-side script to put the name & location of the protected image in an HTML file that is sent to the client, the image will not be accessible to the client-side HTML.

One way around this (if you find that this is true) is to make a temp file, copy the image file to an unprotected area under a different name (a temp name only for this one page, different client gets a different temp image name) then after a set amount of time you delete the image from the unprotected section.

This said, I will also point out that once the client sees the image on the screen it can be cut & pasted to a graphics program even if the original file on the server is now deleted.

So, if the whole point is to protect an image from downloading, the exercise is pointless. These methods might help against novices but not against a knowledgeable user.