Re: OffTopic - What's the proper way to...
On Fri, Feb 16, 2001 at 02:12:19PM -0600, William Jensen wrote:
> I've got a web site that has some protected data. On some of the pages
> I have javascript that does some calculations. Right now I have it so
> if they click on the link to that page it auto asks for username/password,
> however, what I would like to do is let them "see" the page and only
> ask for username/password once they click the "calculate" button. Is this
> type of thing done thru the use of cgi scripts or what. There is probably
> more than one "way" to do it but I'd be interested in some opinions in
> a good way to accomplish this.
don't know what kind of calculations you offer and in what way the
javascript is involved, but if your requirements fit into the scheme
of having some kind of form into which the user fills in several
parameters before clicking "calculate", then the classical CGI script
would probably be the best solution. In that case, everything you might
want to protect - data, algorithms, whatever - is on the server side,
and you can easily control at which point you require authentication/
authorization.
When doing it in javascript (client-side, I assume), keep in mind that
the code is delivered to the browser as is, so you have no real control
over what the user then does with it. If this code implements the
calculations you would like to protect, then this probably isn't the
best way of doing it (it only requires very little expert knowledge to
get that code executing outside of the context of your website, except
if you devise some clever challenge-response mechanism). However, these
concerns only apply if you are _not_ having some data on the server
side without which the javascript would be useless...
Maybe you could elaborate a little more on the details of your
intentions... (e.g. what you mean by "let them see the page", etc.)
Cheers,
Erdmut
--
Erdmut Pfeifer
science+computing gmbh
-- Bugs come in through open windows. Keep Windows shut! --
Reply to: