[Web4lib] creating a link that bypasses username and password page
Chris Murphy
chrism at thecommunitylibrary.org
Mon Jul 10 15:11:47 EDT 2006
Thomas Dowling wrote:
>>> ...
>> You may be able to create a dummy page with the relevant login info
>> hidden from the user but contained in the HTML.
>
> It strikes me that none of the suggestions for dealing with this are any
> less secure than a web page saying, "On the next page, login with the
> user name 'foo' and the password 'bar'". Anyone with the slightest
> interest is going to grab the login credentials anyway.
True. My use of the technique was only for making life easier for the
user--a click of a button (or an immediate redirect) being easier than
typing a user name and password.
Note I never mentioned "secure". Hopefully the web page would be served
only in-house, thus only library patrons would potentially view the code
with the password, etc.
In fact, password security at this level is undesirable for us. In our
library we have business cards with the passwords placed next to the
monitor as well as a card attached to the monitor itself. We want our
patrons to know the passwords to encourage their use of our online links
(which do need passwords or library card numbers).
Regards,
Chris Murphy
--
Christopher Murphy
Information Systems Manager
The Community Library, Ketchum, Idaho
chrism at thecommunitylibrary.org
http://www.thecommunitylibrary.org
208.726.3493 x111
More information about the Web4lib
mailing list