• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 427
  • Last Modified:

Pass Username and Password

I have a website that requires Username and Password to log in. Is it possible that I pass the username and password as arguments in the URL so that users are not asked for credentials?
0
ramziabk
Asked:
ramziabk
  • 3
  • 2
  • 2
  • +1
5 Solutions
 
aamodtCommented:
You need to use GET insted of POSTS on the login form.
But not recommendend since all get passed in clear text.

But it always will when you not using SSL.

http://example.com/login.php?user=test&pass=1234
0
 
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Short answer is yes.

Your question sounds like you are trying to work around your system.  I find workarounds are short term solutions leading to long term problems.    If you don't want a username and password, then change your serverside coding.   You could also set the credentials for being "logged in" to a cookie or session and either can expire in x minutes, hours, days...never.

I would suggest working on a better and more secure solution than adding a password to the url which is a security risk.
0
 
Chris StanyonCommented:
What security model are you using on the website (htaccess, CAPTCHA device etc.)- that will dictate how you can login. It may not be possible to just pass in a URL, and as has already been said - it's certainly not recommended!
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ramziabkAuthor Commented:
Thanks for the information. However, There are no security threat here. It simply client access to a camera live streaming . No need to use authentication.
0
 
ramziabkAuthor Commented:
Plus note that there is a popup for the link.

This is my link below:

http://blomlive.dyndns.org:1130/

I tried adding user=test&pass=1234 but it didn't work.

Thanks
0
 
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
It would actually have been http://test:1234@blomlive.dyndns.org:1130/ I don't believe you can use that in urls anymore.   Since you don't care about security, just remove the password protection from the virtual folder you are accessing.
0
 
Chris StanyonCommented:
I can't even login manually with those details. You are using htaccess to protect the folder so padas is correct. You would login like this:

http://test:1234@blomlive.dyndns.org:1130/

if there's no need to use authentication then why use it?
0
 
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
ramziabk:

By grading the answers here a C, you are saying the answer is incomplete.  In order to award this grade, you should explain the reasoning and give us a chance to better help you.  Also know that sometimes the answer is there is no answer or it is an answer you may not like.

http://support.experts-exchange.com/customer/portal/articles/481419-what-grade-should-i-award-?b_id=44
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now