cusimar9
05-18-2005, 04:07 AM
I have some websites which don't need to be db driven but there are some admin pages which I would like to add a little security to.
I've a couple of ideas but they are definitely 'lightweight' security and if someone really wanted to bypass it they could. Whether or not they'd want to is another matter as the admin pages don't exactly contain sensitive information.
Are there any tried and tested methods?
In fact, this was my idea, tell me what you think:
The page will only load if a valid 'authentication code' is passed in the address bar. The validation will simply consist of adding up the ascii values of the characters in the string and comparing this (as well as the string length) with a set number.
So if you read the source and see an ascii total of 2312 and a length of 43 you'll have to write a program to come up with a valid sentence, which would take a very long time if the length was long enough.
Reasonably secure that, I thought :D
I've a couple of ideas but they are definitely 'lightweight' security and if someone really wanted to bypass it they could. Whether or not they'd want to is another matter as the admin pages don't exactly contain sensitive information.
Are there any tried and tested methods?
In fact, this was my idea, tell me what you think:
The page will only load if a valid 'authentication code' is passed in the address bar. The validation will simply consist of adding up the ascii values of the characters in the string and comparing this (as well as the string length) with a set number.
So if you read the source and see an ascii total of 2312 and a length of 43 you'll have to write a program to come up with a valid sentence, which would take a very long time if the length was long enough.
Reasonably secure that, I thought :D