Keep your money for something else |
![]() Hyper Javascript | |
![]() |
||
fra_00xx 98xxxx handle 1100 NA PC | ||
A few days ago, I saw a post on Fravia's TOT MB about some new Internet
software. I thought it could be worth to have a look at it. What a
disapointment when, after a few minutes, I discovered those 'software' were
totally crap. This essay is not about how to 'crack' this protection cause
there is nothing to crack. I just want to show what some 'money oriented'
people seems to -unfortunately- be able to sell.
A Brain (a little one should be enough :)
JS- & java- enabled browser.
www.moonlight-software.com/webcrypt.htm
www.moonlight-software.com/sentry.htm
No history yet. Version 1.
So let's start with WebCrypt. This is supposed to crypt your html pages so
that people won't be able to reuse them too easily. Well, I won't say much
about this, Sp!ke already wrote a very good essay about this kind of
protection. Find it and and you'll know how to bypass this one and many others.
By the way, I'm not even sure we can use the word 'encryption' for that crap.
The encryption consist in reordering the letters of your page ... first
character comes last and last character comes first ... really too bad to be
called encryption. Here is what you get for 19.95 USD :
function Encrypt(Str) { var returnStr="" var NewStr="" for (var x=Str.length;x>=0;x--) { returnStr=Str.charAt(x) NewStr+=returnStr } return NewStr }
Moreover, although I did not tested extensively, it seems that it causes javascript errors with pages containing scripts :(
Ok, that 'webcrypt' doesn't deserve any more words. Let's have a look at 'Site Sentry'
protection to see if it's better.
Quote from moonlight software :
" Protect your Web site with this easy to use Java Applet brought to you by
MoonLight Software. No knowledge of Java required - take our realtime
Test-Drive above and see how easily you can put Site Sentry to work for you!
Server-side solutions aside, this is the best protection you can buy.
Javascript doesn't cut it - your usernames and passwords are visible to anyone
who knows how to view your HTML source. "
I'm not sure if it's the best protection you can buy, but it's definitaly not the best protection you can find on the web for free. And, believe me, there are lots of better protection written in JavaScript where you can't see username or password in the HTML source. Anyway, let's see how this work. Just download their trial version and do some test. Add a user 'abcd' with a password of 'ABCD', and look at the html code generated.
Just a last thing about those 'java applet' protection. Before using one, you should always have a look at its code. You never know, they may have hidden something malicious in it, like a backdoor or whatever else ... So be carefull.
Well, it's time to conclude now. I have been writing already too much. I just
don't understand how people dare to SELL things like that. I did not checked their
other products, but I doubt they are any better. Maybe someone else will have a
look at them.
So, if you are looking to protect your pages or site, look around the net,
you'll certainly find something better than this and for free. Or even better,
write your own stuff -and you don't need Java applet for that, JavaScript can
do a great work (whatever those moonlight people say) -. Of course, you won't get a nice packaging, but if you
really want to spend 20 dollars for nothing, you can always send them to me,
they will be welcome :)