|
rrrado wrote: server must not know the password
Then how do you indend to authenticate the users?
rrrado wrote: I don't worry about secrity of client's password in his browser
You are a complete FOOL!
rrrado wrote: it is his problem to secure his computer
Wrong answer. You are writing the application, it is up to you to provide the appropriate level of security for your application.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
Mark Nischalke wrote: Then how do you indend to authenticate the users?
It is not important in my question, it can be done by classic login form (with another pass) + cookies, or HTTP auth, or none. Let's say I've already received encrypted data from server.
Mark Nischalke wrote: You are a complete FOOL!
Thank you, but I really think it is not possible to save password "safely" in javascript when USER decides to save it. Only to save it encrypted with some master password which would user need to type each time which does not give sense to save the first password in this case.
|
|
|
|
|
rrrado wrote: I really think it is not possible to save password "safely" in javascript
EXACTLY!!! It doesn't matter if you use a master password of some sort, it still must be transmitted to the client and decrypted in JavaScript! The only thing you accomplish with transmitting the master password is to give someone access to ALL instances of your application, not just one. At that point you might as well not even use authentication because you have no security.
Please stop posting until you learn more about what you are doing.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
I'm afraid you don't understand what I need to do. I'll try explain in other words. I'm not solving the problem with authentication. User creates some data at his computer. Then encrypts them LOCALLY with some password and upload to server. Server does not know the password, server is not able to decrypt the data! (When somebody hacks the server, he can get the data but has no password). Then user goes to some URL with web application, downloads the data from server (don't think about authentication it is not important now). It will provide pass to JS which decrypts the data. I need to offer storing the password somewhere so he don't need to type the pass each time he opens the application in browser. If he is paranoid then he won't save the password.
I was hoping somebody will know whether it is possible to force browser (from JS) to save the password into it's auto-form-filler store which fills the forms.
|
|
|
|
|
I'm afraid you have not been listening. So you have a password on the client machine, yes, auto-complete forms do this all the time. Now you are transmitting the encrypted data to the client for decryption by a JavaScript function. Where does the JavaScript come from? It has to be downloaded to the client which leaves it vulnerable to interception. Now your encryption algorithm is exposed along with the data. How long will it take for some script kiddie to hack in with this info? I doubt you are even using a secure protocol or know what it is or how to use it.
Your ignorance is putting the client's data at risk unnecessarily and they should terminate the engagement with you.
Now, once again, stop posting until you learn what you are doing.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
I know what am I doing. I've asked some question. If you don't know the answer, ok. If you have some ideas in area I haven't asked about, I can discuss about it, maybe we both will learn something. But why are you so offensive and writing me to stop posting? You don't know all the details about used algorithm (because it is not important to get answer to my question) but you know I'm complete fool If you are concerned about details I haven't wrote, just ask. FYI data is transmitted over HTTPS. The AES is used to encrypt the data. I don't know script kiddies which can crack HTTPS, then AES. Whole point is to make server unable to decrypt the data. Yes server could modify the JS to send the password back, but JS is easy to read and paranoid user can see what is it doing, or can save the HTML+JS locally and use always trusted copy. If you can see some way how can script kid steal other user's data, let me know.
|
|
|
|
|
You are missing the fundamental point... The Data WILL ALWAYS come from the server.. It's useless to wrap a completely insecure process with some faux authentication that in reality does nothing.
I wasn't, now I am, then I won't be anymore.
|
|
|
|
|
As I've wrote before, I'm not solving authentication problem.
|
|
|
|
|
[ Vigourosly banging head on wall, then giving up ]
I wasn't, now I am, then I won't be anymore.
|
|
|
|
|
Move over, save some wall for me
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
It is that time of the day. hungry i cant cope anymore
I have a Javascript written like this
function Jump() {
var txtUnitLen1 = document.getElementById("<%= txtUnitLen1.ClientID %>").value;
var txtUnitLen2 = document.getElementById("<%= txtUnitLen2.ClientID %>").value;
var txtUnitLen3 = document.getElementById("<%= txtUnitLen3.ClientID %>").value;
var txtUnitLen4 = document.getElementById("<%= txtUnitLen4.ClientID %>").value;
var txtUnitLen5 = document.getElementById("<%= txtUnitLen5.ClientID %>").value;
var txtUnitLen6 = document.getElementById("<%= txtUnitLen6.ClientID %>").value;
var txtUnitLen7 = document.getElementById("<%= txtUnitLen7.ClientID %>").value;
var txtUnitLen8 = document.getElementById("<%= txtUnitLen8.ClientID %>").value;
var txtUnitLen9 = document.getElementById("<%= txtUnitLen9.ClientID %>").value;
var txtUnitLen10 = document.getElementById("<%= txtUnitLen10.ClientID %>").value;
var txtUnitLen11 = document.getElementById("<%= txtUnitLen11.ClientID %>").value;
var txtUnitLen12 = document.getElementById("<%= txtUnitLen12.ClientID %>").value;
var txtUnitLen13 = document.getElementById("<%= txtUnitLen13.ClientID %>").value;
var txtUnitLen14 = document.getElementById("<%= txtUnitLen14.ClientID %>").value;
var txtUnitLen15 = document.getElementById("<%= txtUnitLen15.ClientID %>").value;
var txtUnitLen16 = document.getElementById("<%= txtUnitLen16.ClientID %>").value;
var txtUnitLen17 = document.getElementById("<%= txtUnitLen17.ClientID %>").value;
var txtUnitLen18 = document.getElementById("<%= txtUnitLen18.ClientID %>").value;
var txtUnitLen19 = document.getElementById("<%= txtUnitLen19.ClientID %>").value;
var txtUnitLen20 = document.getElementById("<%= txtUnitLen20.ClientID %>").value;
var ddlAutoText = document.getElementById("<%= ddlAutoText.ClientID %>").value;
if (ddlAutoText > 0)
{
if (txtUnitLen1.length >= ddlAutoText)
{
document.getElementById("<%= txtUnitLen2.ClientID %>").focus();
}
if (txtUnitLen2.length >= ddlAutoText)
{
document.getElementById("<%= txtUnitLen3.ClientID %>").focus();
}
if (txtUnitLen3.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen4.ClientID %>").focus();
}
if (txtUnitLen4.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen5.ClientID %>").focus();
}
if (txtUnitLen5.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen6.ClientID %>").focus();
}
if (txtUnitLen6.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen7.ClientID %>").focus();
}
if (txtUnitLen7.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen8.ClientID %>").focus();
}
if (txtUnitLen8.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen9.ClientID %>").focus();
}
if (txtUnitLen9.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen10.ClientID %>").focus();
}
if (txtUnitLen10.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen11.ClientID %>").focus();
}
if (txtUnitLen11.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen12.ClientID %>").focus();
}
if (txtUnitLen12.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen13.ClientID %>").focus();
}
if (txtUnitLen13.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen14.ClientID %>").focus();
}
if (txtUnitLen14.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen15.ClientID %>").focus();
}
if (txtUnitLen15.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen16.ClientID %>").focus();
}
if (txtUnitLen16.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen17.ClientID %>").focus();
}
if (txtUnitLen17.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen18.ClientID %>").focus();
}
if (txtUnitLen18.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen19.ClientID %>").focus();
}
if (txtUnitLen19.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen20.ClientID %>").focus();
}
if (txtUnitLen20.length >= ddlAutoText) {
document.getElementById("<%= txtUnitLen1.ClientID %>").focus();
}
}
and i am setting the max length of the text on the server side. Now this is working , the main purpose of this javascript is that when the user types till the "MaxLength" of the textbox. Now this works fine, when the value of the maxlength is 3 , if a user tries to type the 4th text, it will set the focus to the next textbox.
Now my problem is that now , let us say one made a mistake in textbox 3 and want to go and edit, immidiately when you edit the text in the textbox 3 , the focus jumps quickly to textbox1 before the editing is finished. Below is the event that is used
<asp:TextBox ID="txtUnitLen1" onKeyUp="Jump()" runat="server" </asp:TextBox>
I just need to go and eat, i will look at your reply tomorow.
thanks again for your help
Thanks
Vuyiswa Maseko,
Spoted in Daniweb-- Sorry to rant. I hate websites. They are just wierd. They don't behave like normal code.
C#/VB.NET/ASP.NET/SQL7/2000/2005/2008
http://www.vuyiswamaseko.com
vuyiswa@its.co.za
http://www.itsabacus.co.za/itsabacus/
|
|
|
|
|
Try this
Xtended TextBox[^] It contains different types of textboxes like IPAddress, Phone, Social Security Number, Credit Card, etc.,
thatraja |Chennai|India|
Brainbench certifications Down-votes are like kid's kisses don't reject it Do what you want quickly because the Doomsday on 2012
|
|
|
|
|
hello everyone.
Inside my form I have a field like this:
<input type="text" id="UserEmail" name="UserEmail" />
If I set the Id in my Ext source it works fine:
var txt_email = new Ext.form.TextField
({
applyTo: 'UserEmail' ,
allowBlank: false,
x:10,
y:50
});
But if I set one button, it doesn't work.
I don't wanna override the attributes in my widgets.
Where are my mistakes?
the example:
<html><head><title>Hello World</title>
<link rel="stylesheet" type="text/css" href="ext/resources/css/ext-all.css" />
<script type="text/javascript" src="ext/adapter/ext/ext-base.js"></script>
<script type="text/javascript" src="ext/ext-all.js"></script>
<script type="text/javascript">
Ext.onReady(function()
{
Ext.QuickTips.init();
var txt_email = new Ext.form.TextField
({
applyTo: 'UserEmail' ,
allowBlank: false,
x:110,
y:50
});
var btn_submit = new Ext.Button
({
applyTo: 'submit' ,
x:280,
y:50
});
var viewport = new Ext.Viewport
({
renderTo: document.body,
frame:true, layout:'fit',
items:[{
xtype:'panel',
layout:'absolute',
items:[txt_email, btn_submit]
}]
});
viewport.show();
});
</script>
</head>
<body>
<form id="anyname">
<input type="text" id="UserEmail" name="UserEmail" />
<input type="button" id="submit" name="submit" onclick="alert('hello')" />
</form>
</body>
</html>
Thanks!
|
|
|
|
|
Hello!
I found the solution:
http://stackoverflow.com/questions/2944322/extjs-login-with-remember-me-functionality
new Ext.Panel({
el: 'auth-form',
autoShow: true,
layout: 'form',
items: [
{
xtype: 'textfield',
el: 'auth-username',
autoShow: true,
name: 'username',
fieldLabel: 'Username',
anchor: '100%'
},
{
xtype: 'textfield',
el: 'auth-password',
autoShow: true,
name: 'password',
fieldLabel: 'Password',
anchor: '100%'
}
],
buttons: [
{
text: 'Log in',
handler: function() {
Ext.get('auth-submit').dom.click();
}
}
]
});
the problem was in the 'el' and the 'handler'
this is the example html form:
<form id="auth-form" action="/url/of/your/login/action" method="POST">
<input id="auth-username" type="text" name="username" class="x-hidden">
<input id="auth-password" type="password" name="password" class="x-hidden">
<input id="auth-submit" type="submit" class="x-hidden">
</form>
|
|
|
|
|
Okay, I just got a somewhat of a horrifying script. It has about 60 functions in it and the creator decided that for every function he should use another function to call it, function names are none descriptive (func123), I already found 3 functions that call the exact same function and doesn’t do anything else.
I have been asked to document it and tidy it up, but right now I can’t tell right from left.
What I want to ask is:
Does anyone know of an editor for javascript that can tell me where what function is called and where what variable is used?
|
|
|
|
|
Use a decent editor that will allow you to easily find the functions. We use a lot of TCL in house and have found notepad++ invaluable for searching and editing the code.
Panic, Chaos, Destruction.
My work here is done.
or "Drink. Get drunk. Fall over." - P O'H
OK, I will win to day or my name isn't Ethel Crudacre! - DD Ethel Crudacre
|
|
|
|
|
|
+10 for Notepad++. I even use it to browse individual code files (C++, C#, VB, VBS, XML...) when I don't want to load studio and wait for it to initialize.
I wasn't, now I am, then I won't be anymore.
|
|
|
|
|
I agree
thatraja |Chennai|India|
Brainbench certifications Down-votes are like kid's kisses don't reject it Do what you want quickly because the Doomsday on 2012
|
|
|
|
|
The tool: Eclipse will help you after you install JavaScript model.
|
|
|
|
|
THIS[^] tool might be useful, I've used it and it's quite helpful.
Regards,
Hiren.
"We owe a lot to the Indians, who taught us how to count, without which no worthwhile scientific discovery could have been made." - Einstein
Microsoft Dynamics CRM
|
|
|
|
|
i want when user click on submit button then a div layer will be generated over the textbox whose height and width will be just the same as textbox and in this way textbox will be blocked for entering something. i want to do it by javascript. in this scenario other textbox will not be blocked.
tbhattacharjee
|
|
|
|
|
Sir,
I completely understand your requirement. But I think creating a div above the textbox may not be a good idea.
Insted you can just make that particular textbox disabled. In that way he wont be able to modify thosed etails, and it is really very easy to implement this using Jquery or Javascript.
$('#div_id).attr('disabled', 'true');
And it will be taken care of.
|
|
|
|
|
I think you can set the input text-box to disable status to prevent user enter the new text.
please use the like below code:
document.getElementById("YourID").disabled=true;
modified on Friday, November 19, 2010 2:39 AM
|
|
|
|
|
You can make text box as disable or readonly.
sunaSaRa Imdadhusen
+91 99095 44184
+91 02767 284464
|
|
|
|