Username & Password in the URL

Hi Experts,

Is it possible to logon to a webbased notes application and give the username & password in the URL?

Regards,

Bob
oost1346Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sjef BosmanGroupware ConsultantCommented:
I suppose so. The login-screen can be modified, so it might be possible to fetch the username and password from the Query_String and trigger a POST.

Safety and security aren't such a big issue at your company??
0
oost1346Author Commented:
Hi Sjef,

I'm trying to implement a F5 Firepass SSL VPN solution which can SSO with a notes application. The Firepass will create the URL and will not be visible for the end-user....Yes....Safety an security is a issue (-:

Regards,

Bob
0
Sjef BosmanGroupware ConsultantCommented:
Ah! Splendid. The application to be used is browser-based, and not Notes? Hmm...

These questions may help you:
    http:Q_21630166.html "$$LoginUserForm"
    http:Q_21096979.html "Designing Login forms using domcfg.nsf"
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

p_parthaCommented:
http://username:password@<yournotesurl>

Partha
0
Sjef BosmanGroupware ConsultantCommented:
Partha, Bro, you never cease to amaze me... Where did you get that info from? Can't find it in the Help db's...
0
p_parthaCommented:
Oh it's been there for so long, btw that was my first question in EE..

Partha
0
ChrisTooheyCommented:
"http://username:password@<yournotesurl>"

Just a word of warning - this method might not be as transparent as you wish....

See, phishers have been using this approach for a while now, giving a URL like http : // www. paypal.com:securityzonealerts1234123412341235123412341234123412341234123412341234123412341234123412341234123412341234@phisherdomainname.phish/scriptkiddie
(spaces added so it doesn't turn into a URL)

This was a pretty slick way of faking the user out - most mouse-overs would only show part of the destination URL, and admiteddly it looked like it was paypal.com.

To address this, most browsers have a prompt telling users that you're attempting to log into a website via a username and password in the URL string.

Firefox, for example:

Title: Confirm
Prompt: You are about to log into the website "phisherdomainname.phish" with the username "www.paypal.com".
Options: Ok | Cancel

Depending on your browser, and it's freshness (this was a relatively recent update in IE-flavored browsers), you might run into a mess of confusing prompts for the user.

I'm not too sure if there's another workaround - but it's worth checking out.  What about a like-call using AJAX (read: rebranded tool du jour)... because it's not really called from the UI, but in between, you may be able to get around the prompts.

Again, theory - not tested... but there's always later tonight to give it a whirl.

HTH,

-Chris

Chris Toohey
http://www.dominoguru.com
0
Sjef BosmanGroupware ConsultantCommented:
Interesting! Finally my question answered about those weird lengthy URLs :) Thanks!
0
oost1346Author Commented:
Hi Guys,

The URL I'm talking about (with the Username & Password in it) will not be seen by end-users and be generated by the Firepass device. So it is possible to login to (for example my iNotes account) using http://username:password@<url> ???? Why is that not working with me?? Is the format I'm using wrong???

http://myaccount:thisisatest@domino1.mydomain.com/wa.nsf

Regards,

Bob
0
p_parthaCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
oost1346Author Commented:
Thanks...found the solution in your link...!!

Regards,

Bob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.