Posted by JohnX2 on June 20, 2002, at 23:41:52
In reply to Re: cookes, posted by Dr. Bob on June 20, 2002, at 14:15:38
> > > combTime might be null, but why would that be a problem?
> >
> > you dereference a NULL object????
> >
> > idx = combTime.indexOf(":") <--- combTime = NULL
>
> That's not dereferencing, is it? I thought if combTime were null, indexOf would just return -1. But you're right, it's an error. Sorry! It should be fixed now.
>
> > Also, I don't care for the way the password cookie
> > has the password in plain ASCII if you load the file. Maybe there is a way you could encrypt this and deencrypt it locally so that wrong-doers don't walk off with our passwords.
>
> I don't care for it, either, and it's on my list of things to do. In the meantime, there's a way to erase your cookies if you're concerned about wrong-doers:
>
> http://www.dr-bob.org/cgi-bin/pb/extras.pl
>
> But maybe you can also help me with this:
>
> 1. Is there a way to encrypt in Javascript?
>
> 2. Even if cookies were encrypted, couldn't a wrong-doer still just walk off with them (and use them later) in that form?
>
> 3. Even if cookies were encrypted, the form would still need to be able to accept unencrypted passwords, since the poster might have erased their cookies or just not have cookies turned on. How would the form be able to do both?
>
> Bob
Thanks for the fixes. It runs smoothly both under Netscape and Explorer with no Errors.I don't know much about Java, so I don't have good answers to your questions.
There must be a way to do the password encryption though I would think, as this would be a substantial security issue for something like online banking, etc. I don't think it could be done using a Java script running on a client though, as a hacker can break into and read the Java code like I unintentionally did.
Gee I hope the online banking, brokers, etc with
autocomplete aren't exposing passwords as such.Regards,
John
poster:JohnX2
thread:5706
URL: http://www.dr-bob.org/babble/admin/20020510/msgs/5718.html