Var pass1 = "Ace,asvirilin1"; // place password here



  • When you go to http://www.mochola.org/nabokov/ and click one of the links "...Novels | Lolita | Stories | Essays | Interviews...", the page that pops up contains the following code:

    <script type="text/javascript">
    <!-- Begin

    var password;
    var pass1 = "Ace,asvirilin1"; // place password here

    password=prompt("Please enter below your username and password separated by comma:","");

    if (password==pass1) {
    window.location= "http://www.mochola.org/nabokov/shop.htm"; // file to open if password is correct
    } else {
    window.location= "http://www.mochola.org/nabokov/noaccess.htm"; // file to load if password is incorrect
    }
    // End -->
    </script>

    <script>

     

    I don't even see what they are  trying to 'protect' there...



  • Well we all know that security through obscurity is bad, right? We also know that that doing the opposite of something bad must be good. The coder here obviously followed this logic to the obvious conclusion and has given us"security through clarity". I wonder if it will work?

      



  • http://www.mochola.org/nabokov/noaccess.htm

     

    Another wtf: "<font color="#ff0000" size="4">WRONG PASSWORD OR USERNAME DOESN'T EXIST</font>"

     So this means we should be in every time, no?
     



  • last updated 0502Y2K7 best with IE5.5 1024x768px

    `nuff said. Surprise, there are idiots with javascript "protection." This has been done to death. Can we move on, to newer, better, wtfs?



  • In Firefox, if you click the link while holding the Esc button, it prevents the prompt from appearing. Not that this increases security by any means...



  • Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.



  • @Quincy5 said:

    Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

    View Source. :) 



  • @dhromed said:

    @Quincy5 said:

    Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

    View Source. :) 

     Which source? The sources of both the first page and the page after cancelling the script seem not to contain it.
     



  • @Quincy5 said:

    @dhromed said:

    @Quincy5 said:

    Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

    View Source. :) 

     Which source? The sources of both the first page and the page after cancelling the script seem not to contain it.
     

    Ethereal or any sniffer ....



  • @Quincy5 said:

    @dhromed said:

    @Quincy5 said:

    Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

    View Source. :) 

     Which source? The sources of both the first page and the page after cancelling the script seem not to contain it.
     

     

    Or more simple : just load one of the target page (i.e. http://www.mochola.org/nabokov/lolita.htm) with javascript disabled.

    You'll be able to "View source" and find the qutoted code .... 

     



  • @chrisahn said:


    I don't even see what they are  trying to 'protect' there...

    Especially as you can click the 'Shop' link, and get to the same page without typing a password. And on the Shop page, you get the same links, which redirect you back to the Shop page, and so on.



  • I use to check my proxy logs to see which urls are fetched. That works nice when a flash applet needs any external data ( for instance, the video file fetched by the youtube applet ).

    I would say it's easy when files are simply fetched from html pages, if you use firebug, just check the network logs. And then, I realize a really, really old WTF, the dreaded old stuff that made almost an entire generation allergic to javascript : those damn modal popups !

     
    Yep, javascript is given that intense power : display a modal window. Okay, it prevents the user from interacting with the web page which creates it, and considering the web page as an application, that's absolutely logical. The real problem is that the entire browser is blocked : you can't use any menu, you can't check any other page, you can't even move the window. And that's real stupid to give a single page such an amount of obtrusive power over an application that hosts multiple unrelated pages. In then years nothing has changed : if a javascript displays a popup in a loop, the only option is to kill the browser. Maybe I miss something but in Firefox, Safari and IE you can't do anything else about it.

    Future versions of browsers should give the user more control on javascripts. First, don't allow a single page to pollute the entire application. Second : I see it too often, some javascript is wasting resources over time, and if you have several pages opened, you can't even tell which one is taking up so much memory and CPU time. As more and more web pages are becoming applications, browsers should at least include some kind of "process manager" and give the opportunity to see what consumes resources and kill them at user's request, without having to kill the entire browser. Nowadays, browsers are a bit like windows 3.1 : when an application fucks up, just reboot everything and lose your work.



  • @aikii said:

    Yep, javascript is given that intense power : display a modal window. Okay, it prevents the user from interacting with the web page which creates it, and considering the web page as an application, that's absolutely logical. The real problem is that the entire browser is blocked : you can't use any menu, you can't check any other page, you can't even move the window. And that's real stupid to give a single page such an amount of obtrusive power over an application that hosts multiple unrelated pages. In then years nothing has changed : if a javascript displays a popup in a loop, the only option is to kill the browser. Maybe I miss something but in Firefox, Safari and IE you can't do anything else about it.


    I believe this is considered an open bug, for firefox. 



  • You're right



    Reported:2000-11-06 17:11 PST

    omg!

    It would be a real great milestone ...



  • Didn't see that, but there was an awesome "no right click" script that did not work in firefox.



  • @aikii said:

    Future versions of browsers should give the user more control on javascripts.


    I'm using Opera 9 and every single one of those dialogs has a checkbox to quit executing scripts. As soon as it's checked and the dialog is dismissed, it shuts down the script.



  • @AbbydonKrafts said:

    @aikii said:
    Future versions of browsers should give the user more control on javascripts.


    I'm using Opera 9 and every single one of those dialogs has a checkbox to quit executing scripts. As soon as it's checked and the dialog is dismissed, it shuts down the script.
    Simple solution to a really boring recurrent problem. Okay that's stupid, but more than once I was trapped by my own debug messages ;-) This solution seems so simple to implement it's a shame no other browser though about it. Congrats to opera developers.


Log in to reply