Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 700
  • Last Modified:

Username & Password in the URL

Hi Experts,

Is it possible to logon to a webbased notes application and give the username & password in the URL?

Regards,

Bob
0
oost1346
Asked:
oost1346
  • 4
  • 3
  • 3
  • +1
1 Solution
 
Sjef BosmanGroupware ConsultantCommented:
I suppose so. The login-screen can be modified, so it might be possible to fetch the username and password from the Query_String and trigger a POST.

Safety and security aren't such a big issue at your company??
0
 
oost1346Author Commented:
Hi Sjef,

I'm trying to implement a F5 Firepass SSL VPN solution which can SSO with a notes application. The Firepass will create the URL and will not be visible for the end-user....Yes....Safety an security is a issue (-:

Regards,

Bob
0
 
Sjef BosmanGroupware ConsultantCommented:
Ah! Splendid. The application to be used is browser-based, and not Notes? Hmm...

These questions may help you:
    http:Q_21630166.html "$$LoginUserForm"
    http:Q_21096979.html "Designing Login forms using domcfg.nsf"
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
p_parthaCommented:
http://username:password@<yournotesurl>

Partha
0
 
Sjef BosmanGroupware ConsultantCommented:
Partha, Bro, you never cease to amaze me... Where did you get that info from? Can't find it in the Help db's...
0
 
p_parthaCommented:
Oh it's been there for so long, btw that was my first question in EE..

Partha
0
 
ChrisTooheyCommented:
"http://username:password@<yournotesurl>"

Just a word of warning - this method might not be as transparent as you wish....

See, phishers have been using this approach for a while now, giving a URL like http : // www. paypal.com:securityzonealerts1234123412341235123412341234123412341234123412341234123412341234123412341234123412341234@phisherdomainname.phish/scriptkiddie
(spaces added so it doesn't turn into a URL)

This was a pretty slick way of faking the user out - most mouse-overs would only show part of the destination URL, and admiteddly it looked like it was paypal.com.

To address this, most browsers have a prompt telling users that you're attempting to log into a website via a username and password in the URL string.

Firefox, for example:

Title: Confirm
Prompt: You are about to log into the website "phisherdomainname.phish" with the username "www.paypal.com".
Options: Ok | Cancel

Depending on your browser, and it's freshness (this was a relatively recent update in IE-flavored browsers), you might run into a mess of confusing prompts for the user.

I'm not too sure if there's another workaround - but it's worth checking out.  What about a like-call using AJAX (read: rebranded tool du jour)... because it's not really called from the UI, but in between, you may be able to get around the prompts.

Again, theory - not tested... but there's always later tonight to give it a whirl.

HTH,

-Chris

Chris Toohey
http://www.dominoguru.com
0
 
Sjef BosmanGroupware ConsultantCommented:
Interesting! Finally my question answered about those weird lengthy URLs :) Thanks!
0
 
oost1346Author Commented:
Hi Guys,

The URL I'm talking about (with the Username & Password in it) will not be seen by end-users and be generated by the Firepass device. So it is possible to login to (for example my iNotes account) using http://username:password@<url> ???? Why is that not working with me?? Is the format I'm using wrong???

http://myaccount:thisisatest@domino1.mydomain.com/wa.nsf

Regards,

Bob
0
 
p_parthaCommented:
0
 
oost1346Author Commented:
Thanks...found the solution in your link...!!

Regards,

Bob
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now