(24 January 1998)

This gate to the advanced Javascript page is actually no gate at all... there is no way you can find out a password from the code on this page, short of bruteforcing all possible combinations... a very easy way to demonstrate to you that there is NO WAY whatsoever to fool an incredibly easy to write and implement javascript snippet. You need the exact name of the page you want to access, and you do not know it. This brings us once more to the importance of NAMES on the web... clearly if the page you are looking for had been called adv_java.htm, you could have guessed it or bruteforced it, but if you NAME your secret pages something like GH_55_QP.html (note the html), you will not get all too many visitors where they should not be. Basically, as you'll be able to see clicking (another small javascript trick), I have written inside the HEAD of this page a function grasppasswd() that translates the password I could have given you into the URL you'll call...
Just click on the gif to get the password entry form...


Of course if you type Fravia you'll land inside Fravia.htm, and if you type links you'll land inside my links page (what about a navigational aid with such a system? is it quicker to click on a long frame list or to type a four/five letter URL like links? Try it out!).
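The name gate described above, sketched as an added example: this is a hypothetical reconstruction, not the page's own grasppasswd() source. The base URL, the default `.htm` extension, the `COMMON` word list, the 40-bit floor and the helpers `nameSpaceBits`, `isGuessable` and `auditName` are all assumptions made for illustration.

```javascript
// Added example: a hypothetical reconstruction, not the source of grasppasswd().
const SAFE_NAME = /^[A-Za-z0-9_-]{1,32}$/;
// Constructed sample of fragments a visitor might try first.
const COMMON = new Set(["adv", "java", "links", "secret", "admin", "page"]);

// The gate: the typed word becomes the page name. No password is stored.
function graspPasswd(word, base = "https://example.invalid/", ext = ".htm") {
  // Refuse dots, slashes and colons so input cannot name another path or site.
  if (!SAFE_NAME.test(word)) return null;
  return new URL(word + ext, base).href;
}

// Bits of search space for a blind guesser, from the character classes used.
function nameSpaceBits(name) {
  let alphabet = 0;
  if (/[a-z]/.test(name)) alphabet += 26;
  if (/[A-Z]/.test(name)) alphabet += 26;
  if (/[0-9]/.test(name)) alphabet += 10;
  if (/[_-]/.test(name)) alphabet += 2;
  return alphabet ? name.length * Math.log2(alphabet) : 0;
}

// A name built only from common fragments is guessable whatever its length.
function isGuessable(name) {
  return name.toLowerCase().split(/[_-]/).every((part) => COMMON.has(part));
}

// Owner-side audit of a page name before relying on it as a barrier.
// The 40-bit floor is an arbitrary illustrative threshold (assumption).
function auditName(name) {
  if (!SAFE_NAME.test(name)) return { ok: false, reason: "unsafe characters" };
  if (isGuessable(name)) return { ok: false, reason: "dictionary name" };
  const bits = Math.round(nameSpaceBits(name));
  return bits >= 40 ? { ok: true, bits } : { ok: false, reason: "too short" };
}

console.log(graspPasswd("Fravia"), auditName("adv_java"), auditName("GH_55_QP"));
```

The bit count only covers blind guessing: the page name still appears in browser history, server and proxy logs and Referer headers, so the barrier is obscurity rather than authentication.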

Ok, so the sense of all this is that to protect parts of your site you may just use a simple NAME barrier, and that tools and techniques are needed to defeat this... at the moment the only valid methods I know of (short of bruteforcing) are the "crumb gathering" technique, social engineering and psychological introspection... together with a little historical research (which is easy on sites that have slow mirrors :-)
Now I am already talking too much... maybe this dead end IS NOT so dead after all... and, what's more important, maybe some of my more advanced readers and wizards have something interesting to add, which I will publish... of course "on the other side"...


(c) Fravia 1995, 1996, 1997, 1998. All rights reserved