[Web4lib] creating a link that bypasses username and password page

Chris Murphy chrism at thecommunitylibrary.org
Mon Jul 10 15:11:47 EDT 2006


Thomas Dowling wrote:
>>> ...
>> You may be able to create a dummy page with the relevant login info
>> hidden from the user but contained in the HTML.
> 
> It strikes me that none of the suggestions for dealing with this are any
> less secure than a web page saying, "On the next page, login with the
> user name 'foo' and the password 'bar'".  Anyone with the slightest
> interest is going to grab the login credentials anyway.

True. My use of the technique was only for making life easier for the 
user--a click of a button (or an immediate redirect) being easier than 
typing a user name and password.

Note I never mentioned "secure". Hopefully the web page would be served 
only in-house, thus only library patrons would potentially view the code 
with the password, etc.

In fact, password security at this level is undesirable for us. In our 
library we have business cards with the passwords placed next to the 
monitor as well as a card attached to the monitor itself. We want our 
patrons to know the passwords to encourage their use of our online links 
(which do need passwords or library card numbers).

Regards,

Chris Murphy

-- 
Christopher Murphy
Information Systems Manager
The Community Library, Ketchum, Idaho
chrism at thecommunitylibrary.org
http://www.thecommunitylibrary.org
208.726.3493 x111

