带有 target=_blank 的密码保护超链接
[英]Password protected hyper link with target=_blank
问题描述
I have a hyper link like this :
我有一个像这样的超链接:
<A Href=My_Java_Servlet?User_Action=Admin_Download_Records&User_Id=Admin onClick=\"Check_Password();\" target=_blank>Download Records</A>
When a user clicks on it, a password window will open, the user can try 3 times for the right password.当用户点击它时,会打开一个密码窗口,用户可以尝试 3 次以获取正确的密码。
The Javascript looks like this : Javascript 如下所示:
<Script Language="JavaScript">
function Check_Password()
{
var testV=1;
var pass1=prompt('Password','');
while (testV<3)
{
if (!pass1) history.go(-1);
if (pass1=="password") { return true; }
testV+=1;
var pass1=prompt('Access Denied - Password Incorrect.','');
}
return "false";
}
</Script>
If user enters the wrong password 3 times, it's supposed to not do anything, but it still opens a new window and displays the protected info, how to fix the javascript or my html hyper link so only the right password will open a new target window, a wrong password will make it do nothing ?如果用户输入错误密码 3 次,它应该什么都不做,但它仍然打开一个新窗口并显示受保护的信息,如何修复 javascript 或我的 html 超链接,以便只有正确的密码才能打开一个新的目标窗口,一个错误的密码会使其无所作为吗?
4 个解决方案
解决方案1
11 2008-10-30 17:05:58
Clientside JavaScript is perhaps the worst possible way to provide "security".客户端 JavaScript 可能是提供“安全性”的最糟糕的方式。 Users can just view the source to see all of your passwords, or just disable JavaScript altogether.用户可以查看源代码来查看您的所有密码,或者完全禁用 JavaScript。 Do not do this.不要这样做。
解决方案2
7 2008-10-30 17:10:55
Other people have answered your question with the true/false return value but here's some of the problems with the whole idea of checking the password in javascript on the client:其他人已经用 true/false 返回值回答了您的问题,但这里是在客户端上的 javascript 中检查密码的整个想法的一些问题:
Your javascript source is freely readable by anyone downloading the page - thus showing them the password needed to view the page.
任何下载页面的人都可以自由读取您的 javascript 源代码 - 从而向他们显示查看页面所需的密码。If they don't have javascript enabled then they'll just go straight to the page without getting the javascript prompt.
如果他们没有启用 javascript,那么他们将直接进入页面而不会收到 javascript 提示。They could always just copy the link and paste it into their address bar to bypass the password protection.
他们总是可以复制链接并将其粘贴到他们的地址栏中以绕过密码保护。 They could also just middle-click the link (which should open it in a new tab/window depending on their browser.)他们也可以只用中键单击链接(根据浏览器的不同,应该在新选项卡/窗口中打开它。)
Even on a private/intranet-only application this would be a laughable security method.即使在私有/仅限内部网的应用程序上,这也是一种可笑的安全方法。 :) Please consider re-desinging it so that the password is checked on the server-side portion (like when someone attempts to access the servlet it would render a password box and then post that password back to the server and then allow/deny access.) :) 请考虑重新设计它,以便在服务器端部分检查密码(例如,当有人尝试访问 servlet 时,它会呈现一个密码框,然后将该密码发送回服务器,然后允许/拒绝访问.)
解决方案3
1 2008-10-30 17:03:28
You might to try returning false rather than "false"您可能会尝试返回false而不是"false"
However, you might be better off doing this kind of thing on the server, as I'd image all but novice users will know how to "copy link address" and paste this into their address bar.但是,您最好在服务器上执行此类操作,因为我认为除了新手用户之外的所有人都知道如何“复制链接地址”并将其粘贴到他们的地址栏中。
解决方案4
0 2008-10-30 17:02:58
为什么你返回"false"而不是false ?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.