Prevent passing Username and Password in URL in Domino web app

Windows Server
Session Authentication enabled w/ custom login form

How does Domino process the following URL?

I need to disable this type of redirect. Without the Username and Password params, my login form is used where i can strip the query string accordingly, but with those params in there, it appears my login form isn't being used and i don't know how Domino is processing this.

Who is Participating?
mike_allredConnect With a Mentor Author Commented:

I opened a PMR and found out about the "DominoDisableRedirectTo" notes.ini variable introduced in R7.0.4 that "disables" the "RedirectTo" query string functionality.
The only difference when you enable session based authentication is that name & password are sent only once, at the beginning of client's session (and from then on stored in a cookie), but it's, nevertheless, sent unencrypted in the URL.

Read this:

The solution is to enable SSL:
mike_allredAuthor Commented:
Ok, let me clarify a bit.

We have an app in development.  Part of our development process is to do security scans and one of the items that was identified was the ability to redirect a user with the following URL:

I need to disable/prevent this type of redirection.

What i know:  
1.  If i remove any part of "&Username" or "&Password", the url doesn't authenticate automatically and i get my custom login form where the redirect isn't processed.
2.  If i remove any part of "&RedirectTo", the url does authenticate but the redirect isn't processed.

What i don't know/what I would like to know:
1.  How does domino "process" this url to automatically log the user in and perform the redirect?  It doesn't seem to use my custom login form.
2.  Can i prevent this redirect behavior?

Hope this clarifies a bit more

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.