[Web4lib] creating a link that bypasses username and password page

Thomas Dowling tdowling at ohiolink.edu
Mon Jul 10 12:31:44 EDT 2006


On 7/10/2006 11:59 AM, Chris Murphy wrote:

> John Fitzgibbon wrote:
>> ...
>> We wish to add a button, in WinU, that launches Internet Explorer but
>> opens a page that is password protected. We are legally entitled to use
>> this page from within our library.
>>
>> We know the web page that 'acts' on the form. It uses the http protocol,
>> not SSL. The form uses the post method. We know the field names for user
>> name and password and what the values for those fields should be.
>>
>> Can this information be included in the parameter line or alternatively
>> can it be embedded in the URL?
> 
> You may be able to create a dummy page with the relevant login info
> hidden from the user but contained in the HTML.



It strikes me that none of the suggestions for dealing with this are any
less secure than a web page saying, "On the next page, login with the
user name 'foo' and the password 'bar'".  Anyone with the slightest
interest is going to grab the login credentials anyway.


-- 
Thomas Dowling
tdowling at ohiolink.edu



More information about the Web4lib mailing list