views: 54

answers: 5

Hey! I am very new at JavaScript and I would like to know if there is any way of authenticating a homepage using JavaScript? I do know a couple of ways, but they are extremely easy to "hack" because the usernames and passwords are stored in the script itself, as arrays.

Do you guys know any good ways of authenticating just a single subpage or two?

Remember: it must not be very difficult, as I am new at this!

Thanks

+7  A: 

No, there is absolutely no way to authenticate a user using pure JavaScript.

JavaScript is executed on the client side, and thus entirely and easily manipulable.

Authentication always needs to be done on the server side. JavaScript can be used to send the credentials to the server, but never to check those credentials.

Unicron
A: 

As long as the final decision on whether or not the user gets to see some content is made on the client, it will be pretty easy to hack.

The only way that could possibly work would be if you somehow encode the content with a password, so that the desired information is simply not accessible as long as the password is not known. But even that is probably easily brute-forced, and it would be quite complicated to implement.

Joachim Sauer
A: 

It's not possible. Any data sent to the client in an unauthorized session should be considered public. Any sensitive data (eg: passwords) sent to the client in an unauthorized session should be considered compromised. Any data received from the client should be considered untrustworthy.

You can only trust the server.

Of course, you could write your server-side code in JavaScript using nodeJS.

bluesmoon
A: 

It is certainly possible: you can encrypt the web page and use javascript to decrypt it. It rarely makes sense to do that, though.

Tgr
A: 

Oh yeah, there is a safe solution. It's called the "challenge/response technique". It works like this:

  • the server sends the client a challenge (some random string)
  • the client attaches the password (from user input) to the received challenge and makes a hash of this combination
  • the server does the same (challenge + password from the DB) and verifies equality
    • if everything is OK, the server logs the user in to the site

Safety is achieved by the fact that the server sends every challenge only once! If anybody captures the client's response, it cannot be reused, because the server never sends this challenge again.

srigi