When you go to http://www.mochola.org/nabokov/ and click one of the links "...Novels | Lolita | Stories | Essays | Interviews...", the page that pops up contains the following code:

<script type="text/javascript">
<!-- Begin

var password;
var pass1 = "Ace,asvirilin1"; // place password here

password=prompt("Please enter below your username and password separated by comma:","");

if (password==pass1) {
window.location= "http://www.mochola.org/nabokov/shop.htm"; // file to open if password is correct
} else {
window.location= "http://www.mochola.org/nabokov/noaccess.htm"; // file to load if password is incorrect
}
// End -->
</script>

<script>

I don't even see what they are  trying to 'protect' there...

Well we all know that security through obscurity is bad, right? We also know that that doing the opposite of something bad must be good. The coder here obviously followed this logic to the obvious conclusion and has given us"security through clarity". I wonder if it will work?

http://www.mochola.org/nabokov/noaccess.htm

Another wtf: "WRONG PASSWORD OR USERNAME DOESN'T EXIST"

 So this means we should be in every time, no?
 

last updated 0502Y2K7 best with IE5.5 1024x768px

Quincy5:

Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

View Source. :) 

dhromed:

Quincy5:

Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

View Source. :) 

 Which source? The sources of both the first page and the page after cancelling the script seem not to contain it.
 

Quincy5:

dhromed:

Quincy5:

Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

View Source. :) 

 Which source? The sources of both the first page and the page after cancelling the script seem not to contain it.
 

Ethereal or any sniffer ....

Quincy5:

dhromed:

Quincy5:

Maybe a stupid question, but how do you make this script visible? Clicking it runs the script and disabling javascript in the browser results in the link doing nothing.

View Source. :) 

 Which source? The sources of both the first page and the page after cancelling the script seem not to contain it.
 

Or more simple : just load one of the target page (i.e. http://www.mochola.org/nabokov/lolita.htm) with javascript disabled.

You'll be able to "View source" and find the qutoted code .... 

chrisahn:

I don't even see what they are  trying to 'protect' there...

Especially as you can click the 'Shop' link, and get to the same page without typing a password. And on the Shop page, you get the same links, which redirect you back to the Shop page, and so on.

I use to check my proxy logs to see which urls are fetched. That works nice when a flash applet needs any external data ( for instance, the video file fetched by the youtube applet ).

I would say it's easy when files are simply fetched from html pages, if you use firebug, just check the network logs. And then, I realize a really, really old WTF, the dreaded old stuff that made almost an entire generation allergic to javascript : those damn modal popups !

 
Yep, javascript is given that intense power : display a modal window. Okay, it prevents the user from interacting with the web page which creates it, and considering the web page as an application, that's absolutely logical. The real problem is that the entire browser is blocked : you can't use any menu, you can't check any other page, you can't even move the window. And that's real stupid to give a single page such an amount of obtrusive power over an application that hosts multiple unrelated pages. In then years nothing has changed : if a javascript displays a popup in a loop, the only option is to kill the browser. Maybe I miss something but in Firefox, Safari and IE you can't do anything else about it.

Future versions of browsers should give the user more control on javascripts. First, don't allow a single page to pollute the entire application. Second : I see it too often, some javascript is wasting resources over time, and if you have several pages opened, you can't even tell which one is taking up so much memory and CPU time. As more and more web pages are becoming applications, browsers should at least include some kind of "process manager" and give the opportunity to see what consumes resources and kill them at user's request, without having to kill the entire browser. Nowadays, browsers are a bit like windows 3.1 : when an application fucks up, just reboot everything and lose your work.

aikii:

Yep, javascript is given that intense power : display a modal window. Okay, it prevents the user from interacting with the web page which creates it, and considering the web page as an application, that's absolutely logical. The real problem is that the entire browser is blocked : you can't use any menu, you can't check any other page, you can't even move the window. And that's real stupid to give a single page such an amount of obtrusive power over an application that hosts multiple unrelated pages. In then years nothing has changed : if a javascript displays a popup in a loop, the only option is to kill the browser. Maybe I miss something but in Firefox, Safari and IE you can't do anything else about it.

aikii:

Future versions of browsers should give the user more control on javascripts.

AbbydonKrafts:

aikii:

Future versions of browsers should give the user more control on javascripts.

I'm using Opera 9 and every single one of those dialogs has a checkbox to quit executing scripts. As soon as it's checked and the dialog is dismissed, it shuts down the script.