01-08-2008, 12:04 AM
#76
Swordman (Level 9)
Join Date: Jan 2006
Posts: 87
Fine! Please navigate to the following link to see the challenges. You may either post here or e-mail me directly with the correct passcodes, and please detail how you found the passcodes:
http://www.aspspider.info/mellamokb/
The second challenge uses dynamic loading of JavaScript, but the principle is still the same: two simultaneous requests to the same resource so that the second cached version overwrites the first cached version, and unless you use a tool different than a browser (IE5+ as is suggested), you will automatically have your cached version overwritten with the fake source. An external tool can obviously request the HTML source without also requesting the two JavaScript external files within the HTML source as browsers automatically do, but this type of programming need (or simple JavaScript AJAX request) is a little troublesome to do and should deter a lot of intruders.
Cheers,
~ mellamokb

01-08-2008, 12:17 AM
#80
Swordman (Level 9)
Join Date: Jan 2006
Posts: 87
Sorry admins. Please delete those extra posts. Our internet's really crappy due to the weather, and I hit submit three or four times and didn't realize they all would get submitted. Sorry!
~ mellamokb

01-08-2008, 01:24 AM
#81
unicode is my horse
Join Date: Sep 2004
Location: Finland
Posts: 3,697
Sorry, but the JavaScript doesn't work in Gecko browsers.

01-08-2008, 01:54 PM
#82
Swordman (Level 9)
Join Date: Jan 2006
Posts: 87
Hi Vege,
Quote:
Sorry, but the JavaScript doesn't work in Gecko browsers.

I had a pretty good idea it wouldn't. I wrote IE5+ on the page because that's what I tested on. I'm demonstrating a concept, not cross-browser JavaScript, so if you try it in IE5+ you can see what I mean. I'm not sure how Gecko browsers treat caching, so from that perspective, everything I've said may be indeed null and void (as you've indicated in a previous post). I would have to experiment with Gecko-based browser caching before I would want to create cross-browser scripting.
I'm a heavy proponent of using server-side technologies to hide information that you don't want users to see, and then giving them possibly full access to any client-side scripts to learn from, with maybe some sort of copyright notice. I am just trying to see if JavaScript source hiding is possible for my own entertainment, as I don't really have a use for it.
Cheers,
~ mellamokb

01-24-2008, 09:43 PM
#83
Novice (Level 1)
Join Date: Jan 2008
Posts: 1
Hi, this question is kind of related but not really.
What file permissions should HTML files have on a *nix system? 755 or 644, assuming it is just static code, maybe some JavaScript and nothing else? Someone told me 755 but why would HTML files need to be world executable?
Thanks

02-05-2008, 03:46 AM
#84
Chevalier (Level 6)
Join Date: Feb 2008
Posts: 55
Opinion
Hi all,
I found this thread interesting. While I am nowhere near any of you who posted, all I know is basic HTML, I read through all this and came to some conclusions and would like to know if they are correct.
1. If you are going to put something out there, it can be taken. Really, even your PC is at risk let alone a website.
2. If you disable everything\hide it aside of backup and some basic precautionary\security steps, going overboard defeats the point of putting something out to the public.
3. If a person is that concerned with data\pictures, then simply do not make it public.
4. As far as stealing your material\data\hacking, it depends on how bad someone wants something and how important that web info is. Not many would go through the trouble of stealing pictures of stick figures, etc...
Now, these are not statements, just conclusions I came to after reading and that made some sense to me. Are these correct or no? Close even?
Thank you much,
Paul

02-05-2008, 04:03 AM
#85
unicode is my horse
Join Date: Sep 2004
Location: Finland
Posts: 3,697
Quote:
Hi, this question is kind of related but not really.
What file permissions should HTML files have on a *nix system? 755 or 644, assuming it is just static code, maybe some JavaScript and nothing else? Someone told me 755 but why would HTML files need to be world executable?
Thanks

HTML files should have only read permissions.
PHP files should have read+execute permissions.
UPLOAD folder should belong to apache group (so none other than the webserver can write into it) and have 775 permissions.
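
Added example, not part of any post in this thread: a POSIX shell script for the permissions question above. It audits a web root for static files that have an execute bit or are world-writable, then applies 644 to files, 755 to directories and 775 to the upload directory. The function names, the list of static file extensions and the directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: permission audit for a static web root.
# Function names and the directory layout are hypothetical.

# Print static files that carry any execute bit or are world-writable.
# The -perm tests are written out bit by bit to stay within POSIX find.
audit_static() {
    find "$1" -type f \
        \( -name '*.html' -o -name '*.htm' -o -name '*.js' -o -name '*.css' \) \
        \( -perm -100 -o -perm -010 -o -perm -001 -o -perm -002 \) -print
}

# Static files become 644 (owner read/write, everyone else read-only).
# Directories become 755: on a directory the x bit means "may traverse",
# which the web server needs in order to reach the files inside.
fix_static() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f \
        \( -name '*.html' -o -name '*.htm' -o -name '*.js' -o -name '*.css' \) \
        -exec chmod 644 {} +
}

# Upload directory: 775 and owned by the web server's group, as in the
# reply above. The group name differs per distribution, so it is passed in.
fix_upload_dir() {
    if [ -n "$2" ]; then
        chgrp "$2" "$1"
    fi
    chmod 775 "$1"
}

# Stand-alone use: ./webperms.sh /path/to/webroot   (audit only, changes nothing)
if [ "$#" -ge 1 ]; then
    audit_static "$1"
fi
```

Run `fix_upload_dir` after `fix_static`, because `fix_static` resets every directory under the root to 755.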

03-07-2008, 09:44 AM
#87
Chevalier (Level 6)
Join Date: Feb 2008
Posts: 53
Some of you may have encountered this puzzle previously -- it is a great challenge -- a good way to test your web authoring skills and a nice diversion from "headaching" coding sessions. It also illustrates the futility of trying to hide source code. If you crack it, don't post your hidden message answer here just yet -- I will do so after a short while.
http://www.drpeterjones.com/hidden/hidden.php
James

03-13-2008, 01:39 PM
#88
Deity (Level 17)
Join Date: Jul 2005
Location: So Cal USA
Posts: 971
that's a pretty cool test,
i'll try to keep it vague for those that are still looking.
i found the embedded address i believe, in some contorted form, and didn't exactly feel like writing a code to decipher all the whole numbers to extract the address but it looks challenging a bit. looks like one would need to run a code to pull iterate through the rounded whole numbers divided by 4 then multiplied by 2, and use only the ones that follow the rules where the length is less than 3 times the string length.
am i anywhere near the answer? lol. but it looks obviously possible, if i'm on the right track. that's a lot of work. otherwise, is it some more obvious solution near those lines?
how about just viewing the headers to get the address, or using the DOM? would that work?
does look like a big headache to create an algorithm that would code your address in that form.
i await your answer

03-26-2008, 10:19 AM
#90
Aspirant (Level 2)
Join Date: Mar 2008
Posts: 20
Quote:
Originally Posted by ucm
here's a question (stop me if i missed it earlier in the thread but someone at work mentioned this to me last week) but one way that "might" (theoretically) work would be to use flash to store 100% of your page and pics inside of. there wouldn't be a source to view and the only way you could save images would be to take a screenshot.
of course this is a$$umming that the browser doesn't store the flash file offline in such a way that a visitor could open it in some flash decryption app or editor...
what's your all's take on this?
i don't know flash or how it works (yet) but i believe it would store a flash file with source, images, and all offline in the browser's cache. sound right to you guys and gals?

There are flash decompilers.