Detect if user has authenticated

[Uldis Bojars]

Hi!

How can Javascript code detect if a user has been authenticated to see
a page, that is, if he has entered a username and password for HTTP
authentification to see the current page. Possibly that can be
determined from the HTTP request header, but how to access this data
for the current page in Javascript?

Plus: how can it detect if the current page is encrypted? Is looking at
the protocol ( https:// ) enough to determine this?

I need it to work in a Firefox extension and why I need this is because
I don't want to process pages that may contain sensitive information.

Thanks,
Uldis

 

[ASM]

Uldis Bojars a écrit :

How can Javascript code detect if a user has been authenticated to see
a page, that is, if he has entered a username and password for HTTP
authentification to see the current page. Possibly that can be
determined from the HTTP request header, but how to access this data
for the current page in Javascript?

Plus: how can it detect if the current page is encrypted? Is looking at
the protocol ( https:// ) enough to determine this?

I need it to work in a Firefox extension and why I need this is because
I don't want to process pages that may contain sensitive information.

And if visitor disactives its JS, how do you do ?
Or a FF extension can't have JS disactived ?

 

[Uldis Bojars]

Uldis Bojars a écrit :

And if visitor disactives its JS, how do you do ?
Or a FF extension can't have JS disactived ?

FF extensions are built on XUL+JavaScript+CSS+...

I assume that you can deactive JavaScript on web pages, but not in FF
extensions.
Because if you did these extensions won't be working at all.
And since Firefox itself is built on XUL nor will it be working with
JavaScript completely cut off.

So the question - how to detect if a user has authenticated and if the
page he is viewing is encrypted - is still open.

Thanks,
Uldis

 

[ASM]

Uldis Bojars a écrit :
Did you have a look to extension :
Live HTTP Headers
http://livehttpheaders.mozdev.org/
to see or ask how they do ?

(don't know how an extension can stop loading a page)
(don't know how a JS script in a page can get information from an
extension)

cookies ?

 

[Uldis Bojars]

Uldis Bojars a écrit :

Did you have a look to extension :
Live HTTP Headershttp://livehttpheaders.mozdev.org/
to see or ask how they do ?

(don't know how an extension can stop loading a page)
(don't know how a JS script in a page can get information from an
extension)

Thanks. Looking at LiveHTTPHeaders help - found out that they are
tapping into Mozilla's components to add a listener for HTTP requests
and responses. Should be doable for my extension as well.

Note: I only need to access this information from an extension. No need
to access it from a JS script in a page.

cookies ?

One problem with what I am trying to find out (if a user is in a
password protected page) is that there are many ways to authenticate on
a page and HTTP authentication is not even the most widely used. There
are also session cookies and session IDs in URLs, but these may be
different for each site and detecting all of these would be too much
effort. (An alternative is to forget about detecting password protected
pages and just create a blacklist of pages not to ignore).

What about detecting if the current page/connection is encrypted?
Is the fact that the URL starts with "https://" a good indication of
that?

Thanks,
Uldis