Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Password protected website with JavaScript

I have a quetion which may be simple/dumb or not :). In other words I have no idea if is fair enough or a completely foolish idea. Just some free thoughts.

What if I make my login via JavaScript with pass in it (yes I know), but pass will be hased by Secure Hash Algorithm. For instance:

I generate a pass with SHA which looks like

var = 0xc1059ed8... //etc

and paste into the code. There will be also two functions. One will compare two values (given by me with user's) and second will generate sha form user's input.

Is this could be safe theoritically or this is a horrible pattern and stupid idea? Can JS handle it?

EDIT: I didn't mean serious autentication like banking one. Just when I have my pics and want only to a few ppl to watch them and 99,9% of ppl on earth can't watch them :) thx for responses

like image 936
Lukasz Madon Avatar asked Aug 24 '10 16:08

Lukasz Madon


1 Answers

Sorry, no dice :) Secure authentication is not possible with client-side Javascript alone, because a positive authentication result could be faked. You will always need a server-side instance to authenticate against.

like image 63
Pekka Avatar answered Oct 19 '22 16:10

Pekka