堆栈内存溢出
  简体   繁体   English

具有简单功能的页面的密码保护-缺点是什么?

[英]Password protection for a page with a simple function - what are the downsides?

 原文  2016-04-22 05:02:00       javascript/ passwords/ e-commerce/ password-protection/ bigcommerce

问题描述

I am doing work on an e-commerce platform, and I was asked to come up with a solution so that a certain group of customers could enter a password protected page on the site. 我正在一个电子商务平台上工作,并被要求提出一个解决方案,以便某些客户可以在该网站上输入受密码保护的页面。 The platform doesn't allow for this, as in the functionality is not available, so according to customer support, it's something you would have to create a custom template for and build from scratch. 该平台不允许这样做,因为该功能不可用,因此根据客户支持,您必须为此创建自定义模板并从头开始构建。 It doesn't need to be fancy, or hacker proof, just secure enough . 不需要花哨的东西或黑客证明,只要足够安全即可。 So instead of doing that, I dropped the script below into the body of the page. 因此,我没有这样做,而是将下面的脚本放入了页面的主体中。

My first version: I use a prompt to ask for an input (password). 我的第一个版本:我使用提示询问输入(密码)。 If you click "prevent this page from creating additional dialouges", it creates sort of an infinite reload loop for that tab (not ideal, but problem?). 如果单击“防止此页面创建其他对话框”,则会为该选项卡创建某种无限重载循环(不理想,但有问题吗?)。 Are there other serious problems? 还有其他严重问题吗? Easy hacks for your average person? 对于普通人来说容易破解? 

$("body").hide();

var passwordCheckFunction = function() {

        var testPassword = window.prompt("YOU SHALL NOT PASS");

        if (testPassword === "thisPredefinedPassword") {
            $("body").show();
        } else {
            location.reload();
        }
    };
    passwordCheckFunction();

Any advice would be much appreciated, and thank you for your time. 任何建议将不胜感激,并感谢您的时间。

2 个解决方案

解决方案1
 1  

  1. Create your secret page as a category. 创建您的秘密页面作为类别。
  2. Customize it to your heart's desire by choosing a custom template file for it . 通过为您的心脏选择一个自定义模板文件来自定义它
  3. Finally, restrict it to only the authorized customer group by removing it from view from guests and every group except the authorized one. 最后,将其从访客和除授权客户之外的每个组中移出视图,将其限制为仅授权客户组。 在此处输入图片说明 在此处输入图片说明

Using this method, the customer only has to sign into his/her own customer account. 使用此方法,客户只需要登录自己的客户帐户即可。 BigCommerce will prevent access to the page by reading the assigned customer group of the customer. BigCommerce将通过读取客户的已分配客户组来阻止对该页面的访问。

解决方案2
 0  2016-04-22 16:10:31

I realize this isn't your desired method, but you might consider instead just making your page inactive in the admin area of your BC store, then instead of a password provide the direct url for users that are able to see that page. 我知道这不是您想要的方法,但是您可能会考虑让页面仅在BC商店的管理区域中处于非活动状态,然后为能够查看该页面的用户提供直接URL,而不是密码。

I'm not sure about the implications for google indexing with an inactive page, but I would assume that they are set not to index it, and if not you could set it in robots.txt 我不确定使用无效页面为Google编制索引的含义,但我认为它们已设置为不编制索引,如果没有,您可以在robots.txt中进行设置

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为每个页面设置密码保护 - putting password protection for each page 向 Vercel 上的简单 Next.js web 应用程序添加基本密码保护的最佳方法是什么? - What is the best way add basic password protection to a simple Next.js web app on Vercel? 对非敏感链接的简单密码保护 - Simple password protection for non-sensitive links 简单的JavaScript密码保护无法在移动平台上运行 - Simple JavaScript Password protection not working on mobile platform 与简单的闭包相比,模块级 state 的缺点是什么? - What are the downsides of module level state as opposed to a simple closure? 使用简单的基于正则表达式的降价解析器有什么缺点? - What are the downsides of using a simple regex-based markdown parser? .htaccess密码保护损坏 - .htaccess password protection broken 密码保护到 URL - password protection to URL Flask 页面加载时的简单密码保护 - Flask simple password protect on page load 在我的页面上包含jquery库有什么缺点吗? - Are there any downsides to including the jquery library on my page?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM