How NOT to secure your website

thedailywtf.com — A sobering (and funny) tale of online security. Feb 29, 2008 View in Crawl 4

Save
Bury

329 Comments

daveheinzel Mar 1, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

Ha - awesome. That led me to this page:<a class="user" href="http://www.htmlfreecodes.com/Put%20password%20on%20your%20website%20to%20protect%20your%20pages.htm">http://www.htmlfreecodes.com/Put%20password%20on%2 ...</a>From the page: "This Code is a very nice sample of how to put password on your website." That's exactly what it does - it puts the password on your web page. Right on there for everyone to see (in the source code). Which is usually the desired result.

Reply

svivian Mar 2, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

Or use Opera's source editor (Firebug might do the job as well) and remove the password checking from the JS. I've hacked a web site doing that. Client-side validation literally has zero security.

Reply

karlaredor Mar 3, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

404 page already hehe

Reply

nanophorm Mar 4, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

Still insecure... Google hacked their site for me.The new password: listing (redirects you to listing.html)

Reply

shinkou Mar 5, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

Man! This is hilarious! XDYes, Javascript is ALL you need! hahaha...

Reply

Closed Account Mar 7, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

HA...an updated line in the source says// **** You WILL NOT get access without a valid password ****

Reply

newagefreak Mar 7, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

ha ha ha... wow... that was funny. Thanks for that.

Reply

johnsquibb Mar 13, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

it just doesn't get much better than this:// **** javascript:IPcatch:subject?Source_code_violator ****var pass_msg = "Password: ";

Reply

portos12 Jun 13, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

Yap, definitely that?s not the way.<a class="user" href="http://www.highpr.net">http://www.highpr.net</a>

Reply

squirlyblack Jul 30, 2008

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

Reply

yitgg May 9, 2009

0 diggs
-0 / +0

Show Buried Comment
Report

Digg
Bury

How do I secure my web site:<a class="user" href="http://www.cafewebmaster.com/how-do-i-secure-my-web-site">http://www.cafewebmaster.com/how-do-i-secure-my-we ...</a>

Reply

Justin_Kresty Sep 9, 2011

+1 diggs
-0 / +1

Show Buried Comment
Report

Digg
Bury

WOW, first I've heard of this.

Reply

shwnkvn0 Feb 7, 2012

+1 diggs
-0 / +1

Show Buried Comment
Report

Digg
Bury

updated line in the source says// **** You WILL NOT get access without a valid password
http://bit.ly/AuW5nJ

Reply

dsfdsfdsf Apr 27, 2012

+1 diggs
-0 / +1

Show Buried Comment
Report

Digg
Bury

http://domof.com/thedailywtf.com.html
... more info and website insights here, spy on your competitors

Reply

No more comments on this story. Add your own!

or Join Digg!

Reply to this thread

Submitted by

Mr. Baby Man 26694 Followers

See all from mrbabyman

Users who Dugg This

Mark Pierce 165 Followers

Fahd Altaf 404 Followers

clement yapp 902 Followers

Hypergrid srl 45 Followers

Reena 941 Followers

Justin_Kresty 27 Followers

Pete Thomas 0 Followers

eleazarf 0 Followers

Jackeline Wiliams 121 Followers

Shaun Steven 93 Followers

Top News in all Topics

Memorial Day: The Saddest Picture

So the FBI Sent Out an Agent to Check Up on My FOIA Request ...

50 Funny Spelling Mistakes on Twitter

Apple’s new iOS 6 Maps app with 3D mapping is coming this summer. [Exclusive Pics]

10 Crazy High-Tech Military Weapons That Actually Exist

Romney tells vets dangerous world demands powerful military

Game of Thrones: Saving Private Tyrion

Romney campaign quietly scrubs all mentions of anti-labor adviser Peter Schaumber

What The Pushback On Obama’s Spending Claim Ignores

The World's Most Discreet Murder Weapon

©Digg