
cgian31 10-20-2005 07:00 PM

bypassing web form hardcoding login and password
 
I need to hide the complexity from users to access an information
webpage, which is normally accessible after filling in a web
form with the correct data.

The address of the information webpage is like
https://external.address.com/info.asp?<numeric code>
where <numeric code> is a number generated by the server.

This number (always different) is generated by the server only when you
open the first web page in your browser, fill in the right values in 2
fields (user, password) and click Login.

Any advice?


Oliver Wong 10-20-2005 07:18 PM

Re: bypassing web form hardcoding login and password
 

"cgian31" <cgian31@katamail.com> wrote in message
news:1129834848.057362.173410@f14g2000cwb.googlegroups.com...
>I need to hide the complexity from users to access an information
> webpage, which is normally accessible after filling in a web
> form with the correct data.
>
> The address of the information webpage is like
> https://external.address.com/info.asp?<numeric code>
> where <numeric code> is a number generated by the server.
>
> This number (always different) is generated by the server only when you
> open the first web page in your browser, fill in the right values in 2
> fields (user, password) and click Login.
>
> Any advice?


Are you in control of the source code for info.asp?

- Oliver



cgian31 10-20-2005 07:39 PM

Re: bypassing web form hardcoding login and password
 
No, it is the site of one of our service providers. We have an account for
our department (350 users) but plenty of people keep forgetting the
password, so I would like to let them access through our intranet page,
hardcoding login and password.


Oliver Wong 10-20-2005 08:06 PM

Re: bypassing web form hardcoding login and password
 
"cgian31" <cgian31@katamail.com> wrote in message
news:1129837149.813158.68690@z14g2000cwz.googlegroups.com...
> No, it is the site of one of our service providers. We have an account for
> our department (350 users) but plenty of people keep forgetting the
> password, so I would like to let them access through our intranet page,
> hardcoding login and password.


You can try looking at the ACTION attribute of the form, and creating a
similar form with <INPUT TYPE="HIDDEN"> with the values pre-filled in.

- Oliver



cgian31 10-20-2005 08:47 PM

Re: bypassing web form hardcoding login and password
 
I have tried that, but when I post it just displays the original remote
form without login and password values filled in!



> You can try looking at the ACTION attribute of the form, and creating a
> similar form with <INPUT TYPE="HIDDEN"> with the values pre-filled in.
>
> - Oliver



Andrew Thompson 10-20-2005 09:00 PM

Re: bypassing web form hardcoding login and password
 
cgian31 wrote:

> I have tried that, but when I post it just displays the original remote
> form without login and password values filled in!


Sheesh! Did you post to the log-in form's target,
or the form itself?

To solve this you need to get..
- a book on HTML

Once you can do it in HTML, you can do it in JSP.

[ And if you have further questions on this matter, please
post them to an HTML forum, like..
<http://groups.google.com/group/comp.infosystems.www.authoring.html> ]

Andrew Thompson 10-20-2005 09:02 PM

Re: bypassing web form hardcoding login and password
 
Andrew Thompson wrote:

> post them to an HTML forum,


or rather, Usenet Newsgroup,

>.. like..
> <http://groups.google.com/group/comp.infosystems.www.authoring.html> ]


Oliver Wong 10-20-2005 09:09 PM

Re: bypassing web form hardcoding login and password
 

"Andrew Thompson" <seemysites@www.invalid> wrote in message
news:rzT5f.23539$U51.15698@news-server.bigpond.net.au...
> cgian31 wrote:
>
>> I have tried that, but when I post it just displays the original remote
>> form without login and password values filled in!

>
> Sheesh! Did you post to the log-in form's target,
> or the form itself?
>
> To solve this you need to get..
> - a book on HTML
>
> Once you can do it in HTML, you can do it in JSP.


It's conceivable the ASP form is doing something tricky like checking
the browser reported referrer, or doing strange things with JavaScript, etc.

A simpler, low tech solution might be to just post the password
somewhere on your intranet website (this has about the same security as
hardcoding it into an HTML form anyway). Then people can just read the
password and login.

- Oliver
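
Added example, not part of any post in this thread: a small audit script that finds intranet pages shipping a pre-filled password in form markup, the pattern the reply above says has about the same security as publishing the password. The host name `intranet.example`, the `/login-target` path, the field names and the `SECRET_HINTS` list are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed name fragments that suggest a secret-bearing field.
SECRET_HINTS = ("pass", "pwd", "secret", "token")

class CredentialFormAuditor(HTMLParser):
    """Flag form inputs that ship a pre-filled secret in the page source."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.action = None  # action URL of the form currently open, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.action = a.get("action", "")
        elif tag == "input" and self.action is not None:
            kind, name = a.get("type", "text").lower(), a.get("name", "")
            secret = kind == "password" or any(h in name.lower() for h in SECRET_HINTS)
            if secret and a.get("value"):
                target = urlparse(self.action)
                self.findings.append({
                    "field": name, "type": kind, "action": self.action,
                    # True when submitting sends the value to another host.
                    "cross_site": target.hostname not in (None, self.page_host),
                    "cleartext_transport": target.scheme == "http",
                })

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def audit(html, page_host):
    """Return one finding per pre-filled secret field in `html`."""
    parser = CredentialFormAuditor(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; the path and all values are placeholders.
SAMPLE = """
<form action="https://external.address.com/login-target" method="POST">
  <INPUT TYPE="HIDDEN" NAME="user" VALUE="dept-account">
  <INPUT TYPE="HIDDEN" NAME="password" VALUE="example-only">
</form>
<form action="/search"><input type="text" name="q" value=""></form>
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "intranet.example"))
```

Anyone who can view the page source can read a value this script flags, so a finding means the shared password is effectively published to everyone with access to that page.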



cgian31 10-20-2005 09:21 PM

Re: bypassing web form hardcoding login and password
 
OK, got the message, thanks anyway for your help.

> It's conceivable the ASP form is doing something tricky like checking
> the browser reported referrer, or doing strange things with JavaScript, etc.
>
> A simpler, low tech solution might be to just post the password
> somewhere on your intranet website (this has about the same security as
> hardcoding it into an HTML form anyway). Then people can just read the
> password and login.
>
> - Oliver



Jon Martin Solaas 10-21-2005 05:05 AM

Re: bypassing web form hardcoding login and password
 
cgian31 wrote:
> OK, got the message, thanks anyway for your help.


Maybe someone at some microsoftish group could help you, it's after all
a microsoftish url we are looking at ...

We are of course flattered that you went to a Java group for help first :-)

--
jon martin solaas

