Old 01-08-2008, 12:04 AM
  #76
mellamokb
Fine! Please navigate to the following link to see the challenges. You may either post here or e-mail me directly with the correct passcodes, and please detail how you found the passcodes:

http://www.aspspider.info/mellamokb/

The second challenge uses dynamic loading of JavaScript, but the principle is still the same: two simultaneous requests to the same resource so that the second cached version overwrites the first cached version, and unless you use a tool different than a browser (IE5+ as is suggested), you will automatically have your cached version overwritten with the fake source. An external tool can obviously request the HTML source without also requesting the two JavaScript external files within the HTML source as browsers automatically do, but this type of programming need (or simple JavaScript AJAX request) is a little troublesome to do and should deter a lot of intruders.

Cheers,

~ mellamokb

Old 01-08-2008, 12:09 AM
  #79
mellamokb
http://www.aspspider.info/mellamokb/

Cheers,

~ mellamokb

Old 01-08-2008, 12:17 AM
  #80
mellamokb
Sorry admins. Please delete those extra posts. Our internet's really crappy due to the weather, and I hit submit three or four times and didn't realize they all would get submitted. Sorry!

~ mellamokb

Old 01-08-2008, 01:24 AM
  #81
Vege
Sorry, but the JavaScript doesn't work in Gecko browsers.

Old 01-08-2008, 01:54 PM
  #82
mellamokb
Hi Vege,

Quote:
Sorry, but the JavaScript doesn't work in Gecko browsers.

I had a pretty good idea it wouldn't. I wrote IE5+ on the page because that's what I tested on. I'm demonstrating a concept, not cross-browser JavaScript, so if you try it in IE5+ you can see what I mean. I'm not sure how Gecko browsers treat caching, so from that perspective, everything I've said may be indeed null and void (as you've indicated in a previous post). I would have to experiment with Gecko-based browser caching before I would want to create cross-browser scripting.

I'm a heavy proponent of using server-side technologies to hide information that you don't want users to see, and then giving them possibly full access to any client-side scripts to learn from, with maybe some sort of copyright notice. I am just trying to see if JavaScript source hiding is possible for my own entertainment, as I don't really have a use for it.

Cheers,

~ mellamokb

Old 01-24-2008, 09:43 PM
  #83
cadman
Hi, this question is kind of related but not really.

What file permissions should HTML files have on a nix system? 755 or 644, assuming it is just static code, maybe some JavaScript and nothing else? Someone told me 755 but why would HTML files need to be world executable?

thanks

Old 02-05-2008, 03:46 AM
  #84
gimpguy2000
Opinion

Hi all,

I found this thread interesting. While I am nowhere near any of you who posted, all I know is basic HTML, I read through all this and came to some conclusions and would like to know if they are correct.

1. If you are going to put something out there, it can be taken. Really, even your PC is at risk let alone a website.

2. If you disable everything\hide it aside of backup and some basic precautionary\security steps, going overboard defeats the point of putting something out to the public.

3. If a person is that concerned with data\pictures, then simply do not make it public.

4. As far as stealing your material\data\hacking, it depends on how bad someone wants something and how important that web info is. Not many would go through the trouble of stealing pictures of stick figures, etc...


Now, these are not statements, just conclusions I came to after reading and that made some sense to me. Are these correct or no? Close even?

Thank you much,

Paul

Old 02-05-2008, 04:03 AM
  #85
Vege
Quote:
Hi, this question is kind of related but not really.

What file permissions should HTML files have on a nix system? 755 or 644, assuming it is just static code, maybe some JavaScript and nothing else? Someone told me 755 but why would HTML files need to be world executable?
thanks

HTML files should have only read permissions.
PHP files should have read+execute permissions.
UPLOAD folder should belong to apache group (so none other than the webserver can write into it) and have 775 permissions.
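
The permission question answered above, as an added example that is not part of the original thread: a POSIX shell audit that flags static files (HTML, JS, CSS) carrying an execute bit and anything world-writable, then tightens static files to 644 and removes other-write. The sample tree, file names and function names are constructed for illustration; changing the upload folder's group is left out because the web server's group name varies by system.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten web-root permissions.

# Build a small constructed sample tree with deliberately loose modes.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/js" "$t/uploads"
    : > "$t/index.html"; : > "$t/js/app.js"; : > "$t/style.css"
    chmod 755 "$t/index.html"   # the "someone told me 755" case
    chmod 644 "$t/js/app.js"    # already correct
    chmod 666 "$t/style.css"    # world-writable static file
    chmod 777 "$t/uploads"      # world-writable upload folder
    printf '%s\n' "$t"
}

# Print one finding per line; print nothing when the tree is clean.
audit_webroot() {
    # Static files are only read by the web server: no execute bit is needed.
    find "$1" -type f \( -name '*.html' -o -name '*.htm' -o -name '*.js' -o -name '*.css' \) \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print | sed 's/^/EXEC-BIT /'
    # Nothing under the web root should be writable by "other".
    find "$1" \( -type f -o -type d \) -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
}

# Apply the fix: 644 for static files, drop other-write everywhere
# (777 becomes 775, the mode suggested above for the upload folder).
harden_webroot() {
    find "$1" -type f \( -name '*.html' -o -name '*.htm' -o -name '*.js' -o -name '*.css' \) \
        -exec chmod 644 {} +
    find "$1" \( -type f -o -type d \) -exec chmod o-w {} +
}

# Demo run on the constructed tree.
demo=$(make_sample_tree)
echo "before:"; audit_webroot "$demo"
harden_webroot "$demo"
echo "after:";  audit_webroot "$demo"
rm -rf "$demo"
```

Directories keep their execute bit because on a directory it means "may traverse", which the web server needs; only regular static files lose it.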

Old 02-05-2008, 07:26 AM
  #86
scoutt
gimpguy2000, yes, you are correct

Old 03-07-2008, 09:44 AM
  #87
jamesicus
Some of you may have encountered this puzzle previously -- it is a great challenge -- a good way to test your web authoring skills and a nice diversion from "headaching" coding sessions. It also illustrates the futility of trying to hide source code. If you crack it, don't post your hidden message answer here just yet -- I will do so after a short while.

http://www.drpeterjones.com/hidden/hidden.php

James

Old 03-13-2008, 01:39 PM
  #88
wolfdogg
that's a pretty cool test,

i'll try to keep it vague for those that are still looking.

i found the embedded address i believe, in some contorted form, and didn't exactly feel like writing a code to decipher all the whole numbers to extract the address but it looks challenging a bit. looks like one would need to run a code to pull iterate through the rounded whole numbers divided by 4 then multiplied by 2, and use only the ones that follow the rules where the length is less than 3 times the string length.
am i anywhere near the answer? lol. but it looks obviously possible, if i'm on the right track. that's a lot of work. otherwise, is it some more obvious solution near those lines?

how about just viewing the headers to get the address, or using the DOM? would that work?

does look like a big headache to create an algorithm that would code your address in that form.

i await your answer

Old 03-13-2008, 06:08 PM
  #89
Vege
Here is a clue.
Remember, wolfdogg, that you can get the source from your cache folder and there alter those javascripts as alert commands to alert those "crypted" messages out.
http://tbn0.google.com/images?q=tbn:...problems-2.jpg

Old 03-26-2008, 10:19 AM
  #90
bahhhhh2
Quote:
Originally Posted by ucm
here's a question (stop me if i missed it earlier in the thread but someone at work mentioned this to me last week) but one way that "might" (theoretically) work would be to use flash to store 100% of your page and pics inside of. there wouldn't be a source to view and the only way you could save images would be to take a screenshot.

of course this is a$$umming that the browser doesn't store the flash file offline in such a way that a visitor could open it in some flash decryption app or editor...

what's your all's take on this?

i don't know flash or how it works (yet) but i believe it would store a flash file with source, images, and all offline in the browser's cache. sound right to you guys and gals?

There are flash decompilers.