Firedrake969 wrote:

It's highly insecure because there is no encryption and it's a static page.
There is no reason to report.

Ok, so i'm going to Imagine i have a password protected webpage. I don't know the password, and my chrome's inspect element feature won't help because i don't know the password so i don't know what is in the underlined part:

mywebsite.com/???

Browser history, Google searching/web crawling, etc

MouseGames123 wrote:

powershack wrote:

MouseGames123 wrote:

Firedrake969 wrote:

Method 2 is also extremely insecure.
You can bypass it with “site.com/code/input.html”, with input being whatever you want as input.

The page's address would be site.com/codes/thisiswherethepasswordgoes.html, so unless you knew the password, you wouldn't know the web page address. Why can no one understand that!

Of course they can get the password! You technically have zero security in encrypting the password, so you could easily find it out

I will report you. It does work!

Sorry if that hurt your feelings I was just trying to point out something.

Of course it works It's just unsafe. Now, instead of arguing about how insecure this system is, how about we learn together and make a better password protection system

If you want more security, I recommend you keep the passwords in a database using backend code that Inspect Element can't see, and also https://github.com/emn178/js-sha512

Firedrake969 wrote:

It's highly insecure because there is no encryption and it's a static page.
There is no reason to report.

Dude, what are you talking about? Storing passwords in Javascript is more secure than anything.

turkey3 wrote:

Firedrake969 wrote:

It's highly insecure because there is no encryption and it's a static page.
There is no reason to report.

Dude, what are you talking about? Storing passwords in Javascript is more secure than anything.

storing passwords the wrong way

powershack wrote:

turkey3 wrote:

Firedrake969 wrote:

It's highly insecure because there is no encryption and it's a static page.
There is no reason to report.

Dude, what are you talking about? Storing passwords in Javascript is more secure than anything.

storing passwords the wrong way

Lol I'm just kidding! I was curious who would take me literally.

turkey3 wrote:

powershack wrote:

turkey3 wrote:

Firedrake969 wrote:

It's highly insecure because there is no encryption and it's a static page.
There is no reason to report.

Dude, what are you talking about? Storing passwords in Javascript is more secure than anything.

storing passwords the wrong way

Lol I'm just kidding! I was curious who would take me literally.

Backend is most secure (you can use Javascript for hashing tho).

CatsUnited wrote:

turkey3 wrote:

powershack wrote:

turkey3 wrote:

Firedrake969 wrote:

It's highly insecure because there is no encryption and it's a static page.
There is no reason to report.

Dude, what are you talking about? Storing passwords in Javascript is more secure than anything.

storing passwords the wrong way

Lol I'm just kidding! I was curious who would take me literally.

Backend is most secure (you can use Javascript for hashing tho).

I was actually considering trying to pull off some argument on how JS passwords are the safest (obviously not true) just to get a heated debate going.

You could make a good argument…
but only with NodeJS.

I don't believe there can ever be any good argument. Even if things are encrypted, it's still too risky, they can be decrypted.

Edit: Did you guys know Cubeupload has been shut down?

turkey3 wrote:

I don't believe there can ever be any good argument. Even if things are encrypted, it's still too risky, they can be decrypted.

Edit: Did you guys know Cubeupload has been shut down?

Yeah, it really sucks We'll have to find another way to post pictures on scratch

powershack wrote:

MouseGames123 wrote:

powershack wrote:

MouseGames123 wrote:

Firedrake969 wrote:

Method 2 is also extremely insecure.
You can bypass it with “site.com/code/input.html”, with input being whatever you want as input.

The page's address would be site.com/codes/thisiswherethepasswordgoes.html, so unless you knew the password, you wouldn't know the web page address. Why can no one understand that!

Of course they can get the password! You technically have zero security in encrypting the password, so you could easily find it out

I will report you. It does work!

Sorry if that hurt your feelings I was just trying to point out something.

Of course it works It's just unsafe. Now, instead of arguing about how insecure this system is, how about we learn together and make a better password protection system

I was wondering if someone was going to say that.

powershack wrote:

turkey3 wrote:

I don't believe there can ever be any good argument. Even if things are encrypted, it's still too risky, they can be decrypted.

Edit: Did you guys know Cubeupload has been shut down?

Yeah, it really sucks We'll have to find another way to post pictures on scratch

Lemme check on my signature…

EDIT: Yes, it has been shut down.

turkey3 wrote:

I don't believe there can ever be any good argument. Even if things are encrypted, it's still too risky, they can be decrypted.

Edit: Did you guys know Cubeupload has been shut down?

I meant JS as a backend

Firedrake969 wrote:

turkey3 wrote:

I don't believe there can ever be any good argument. Even if things are encrypted, it's still too risky, they can be decrypted.

Edit: Did you guys know Cubeupload has been shut down?

I meant JS as a backend

Well, of course with time and effort anything can be decoded
But atleast we can argue about the safest method

okay, first of all I agree that this is one of the worst password/authentication systems.
REMEMBER TO ADD SEMICOLONS!!! (
i also saw a convinience problem. you wan't people to do something if they did't type a code in! It should be something like this.
var userinput = prompt(“Password”);
if(userinput === “”) {
//exits without brining the user somewhere.
alert(“oh no! there is a problem. you didn't enter a code!”);
} else {
window.location.replace(“code/” + userinput + “.html”);
}

you should consider using something like node.js, php, python, maybe java, ect. for this.

masterex1000 wrote:

okay, first of all I agree that this is one of the worst password/authentication systems.
REMEMBER TO ADD SEMICOLONS!!! (
i also saw a convinience problem. you wan't people to do something if they did't type a code in! It should be something like this.
var userinput = prompt(“Password”);
if(userinput === “”) {
//exits without brining the user somewhere.
alert(“oh no! there is a problem. you didn't enter a code!”);
} else {
window.location.replace(“code/” + userinput + “.html”);
}

you should consider using something like node.js, php, python, maybe java, ect. for this.

Well, In my one, It says enter ‘Home’ to go back.

MouseGames123 wrote:

masterex1000 wrote:

okay, first of all I agree that this is one of the worst password/authentication systems.
REMEMBER TO ADD SEMICOLONS!!! (
i also saw a convinience problem. you wan't people to do something if they did't type a code in! It should be something like this.
var userinput = prompt(“Password”);
if(userinput === “”) {
//exits without brining the user somewhere.
alert(“oh no! there is a problem. you didn't enter a code!”);
} else {
window.location.replace(“code/” + userinput + “.html”);
}

you should consider using something like node.js, php, python, maybe java, ect. for this.

Well, In my one, It says enter ‘Home’ to go back.

still convince for the user