(24 January 1998)
is no way you can find out a password from the code on this page, short of
bruteforcing all possible combinations... a very easy way to demonstrate
to you that there is NO WAY whatsoever to fool an incredibly easy to write
want to access, and you do not know it. This brings us once more to the importance
of NAMES on the web... clearly if the page you are looking for would have been
called adv_java.htm, you could have guessed it or bruteforced it, but if you NAME
your secret pages something like GH_55_QP.html (note the html), you will not
get all too many visitors where they should not be.
Basically, as you'll be able to see clicking
page a function
grasppasswd() that translates the password I could have given you into the URL
Just click on the gif to get the password entry form...
Of course if you type Fravia you'll land inside Fravia.htm,
and if you type links
you'll land inside my links page (what about a navigational aid with such a system? Is it quicker to click on
a long frame list or to type a four/five letter URL like links? Try it out!).
Ok, so the sense of all this is that to protect parts of your site you may just
use a simple NAME barrier, and that tools and techniques are needed to defeat this...
at the moment the only valid methods I know of (short of bruteforcing) are
the "crumb gathering" technique, social engineering and psychological introspection...
together with a little historical research (which is easy on sites that
have slow mirrors :-)
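
The name barrier described above, as an added example (not this page's original script). passwordToUrl() is a hypothetical stand-in for what grasppasswd() is described as doing; nameSpace() and isGuessable(), with its constructed word list, are assumptions used to audit your own page names.

```javascript
// Added illustration. Every function name here is hypothetical.

// The gate: the typed word is not compared with anything stored in
// the page, it simply becomes the file name. The source holds no secret.
function passwordToUrl(word, ext = ".htm") {
  // Accept only characters that fit in one path segment, so the input
  // cannot become "../something" or point at another host.
  if (!/^[A-Za-z0-9_-]+$/.test(word)) return null;
  return word + ext; // in a browser: location.href = this value
}

// How many names of a given length exist over an alphabet: the work
// left to someone who can only bruteforce one extension.
function nameSpace(alphabetSize, length) {
  return BigInt(alphabetSize) ** BigInt(length);
}

// Audit helper for your own site: a name is weak when every part of it
// is a word a visitor could guess. Constructed sample word list.
const GUESSABLE = ["adv", "java", "links", "secret", "private", "admin"];

function isGuessable(name) {
  const base = name.replace(/\.[a-z]+$/i, "").toLowerCase();
  // Split on underscores, hyphens and digits; drop empty pieces.
  const parts = base.split(/[_\-0-9]+/).filter(Boolean);
  return parts.length > 0 && parts.every((p) => GUESSABLE.includes(p));
}

// The two names the text contrasts.
for (const name of ["adv_java.htm", "GH_55_QP.html"]) {
  console.log(name, isGuessable(name) ? "guessable" : "not in word list");
}
// 8 characters over A-Z, 0-9 and "_" (37 symbols).
console.log(nameSpace(37, 8).toString(), "candidate names");
```
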
Now I am already talking too much... maybe this dead end IS NOT so dead after all...
and, what's more important, maybe some of my more advanced readers and wizards have
something interesting to add, which I will publish... of
course "on the other side"...
Fravia 1995, 1996, 1997, 1998. All rights