bypassing web form hardcoding login and password

Discussion in 'Java' started by cgian31, Oct 20, 2005.

  1. cgian31

    cgian31 Guest

    I need to hide the complexity from users to access an information
    webpage, which is normally accessible after filling in a web
    form with the correct data.

    The address of the information webpage is like
    https://external.address.com/info.asp?<numeric code>
    where <numeric code> is a number generated by the server.

    This number (always different) is generated by the server only when you
    open the first web page in your browser, fill in the right values in 2
    fields (user, password) and click Login.

    Any advices?
     
    cgian31, Oct 20, 2005
    #1
    1. Advertising

  2. cgian31

    Oliver Wong Guest

    "cgian31" <> wrote in message
    news:...
    >I need to hide the complexity from users to access an information
    > webpage, which is normally accessible after filling in a web
    > form with the correct data.
    >
    > The address of the information webpage is like
    > https://external.address.com/info.asp?<numeric code>
    > where <numeric code> is a number generated by the server.
    >
    > This number (always different) is generated by the server only when you
    > open the first web page in your browser, fill in the right values in 2
    > fields (user, password) and click Login.
    >
    > Any advices?


    Are you in control of the source code for info.asp?

    - Oliver
     
    Oliver Wong, Oct 20, 2005
    #2
    1. Advertising

  3. cgian31

    cgian31 Guest

    no, it is the site of one our service provider. We have an account for
    our department (350 users) but plenty of people keep forgetting the
    password, so I would like to let them access through our intranet page,
    hardcoding login and password.
     
    cgian31, Oct 20, 2005
    #3
  4. cgian31

    Oliver Wong Guest

    "cgian31" <> wrote in message
    news:...
    > no, it is the site of one our service provider. We have an account for
    > our department (350 users) but plenty of people keep forgetting the
    > password, so I would like to let them access through our intranet page,
    > hardcoding login and password.


    You can try looking at the ACTION attribute of the form, and creating a
    similar form with <INPUT TYPE="HIDDEN"> with the values pre-filled in.

    - Oliver
     
    Oliver Wong, Oct 20, 2005
    #4
  5. cgian31

    cgian31 Guest

    I have tried that, but when I post it just displays the original remote
    form without login and password values filled in!



    > You can try looking at the ACTION attribute of the form, and creating a
    > similar form with <INPUT TYPE="HIDDEN"> with the values pre-filled in.
    >
    > - Oliver
     
    cgian31, Oct 20, 2005
    #5
  6. cgian31 wrote:

    > I have tried that, but when I post it just displays the original remote
    > form without login and password values filled in!


    Sheesh! Did you post to the log-in form's target,
    or the form itself?

    To solve this you need to get..
    - a book on HTML

    Once you can do it in HTML, you can do it in JSP.

    [ And if you have futher questions on this matter, please
    post them to an HTML forum, like..
    <http://groups.google.com/group/comp.infosystems.www.authoring.html> ]
     
    Andrew Thompson, Oct 20, 2005
    #6
  7. Andrew Thompson wrote:

    > post them to an HTML forum,


    or rather, Usenet Newsgroup,

    >.. like..
    > <http://groups.google.com/group/comp.infosystems.www.authoring.html> ]
     
    Andrew Thompson, Oct 20, 2005
    #7
  8. cgian31

    Oliver Wong Guest

    "Andrew Thompson" <> wrote in message
    news:rzT5f.23539$...
    > cgian31 wrote:
    >
    >> I have tried that, but when I post it just displays the original remote
    >> form without login and password values filled in!

    >
    > Sheesh! Did you post to the log-in form's target,
    > or the form itself?
    >
    > To solve this you need to get..
    > - a book on HTML
    >
    > Once you can do it in HTML, you can do it in JSP.


    It's conceivable the ASP form is doing something tricky like checking
    the browser reported referrer, or doing strange things with JavaScript, etc.

    A simpler, low tech solution might be to just post the password
    somewhere on your intranet website (this has about the same security as
    hardcoding it into an HTML form anyway). Then people can just read the
    password and login.

    - Oliver
     
    Oliver Wong, Oct 20, 2005
    #8
  9. cgian31

    cgian31 Guest

    OK, got the message, thanks anyway for your help.

    > It's conceivable the ASP form is doing something tricky like checking
    > the browser reported referrer, or doing strange things with JavaScript, etc.
    >
    > A simpler, low tech solution might be to just post the password
    > somewhere on your intranet website (this has about the same security as
    > hardcoding it into an HTML form anyway). Then people can just read the
    > password and login.
    >
    > - Oliver
     
    cgian31, Oct 20, 2005
    #9
  10. cgian31 wrote:
    > OK, got the message, thanks anyway for your help.


    Maybe someone at some microsoftish group could help you, it's after all
    a microsoftish url we are looking at ...

    We are ofcourse flattered that you went to a java group for help first :)

    --
    jon martin solaas
     
    Jon Martin Solaas, Oct 21, 2005
    #10
  11. cgian31

    cgian31 Guest

    The thing is that it is not my website I am trying to bypass. And since
    I am better at Java I thought maybe I can do something with it to
    compile a generic form!

    >
    > We are ofcourse flattered that you went to a java group for help first :)
    >
    > --
    > jon martin solaas
     
    cgian31, Oct 21, 2005
    #11
  12. cgian31

    Oliver Wong Guest

    "cgian31" <> wrote in message
    news:...
    > The thing is that it is not my website I am trying to bypass. And since
    > I am better at Java I thought maybe I can do something with it to
    > compile a generic form!


    Unless JSP is somehow getting involved, I don't think there's a
    compilation step in writing an HTML form with the inputs pre-filled-out.

    - Oliver
     
    Oliver Wong, Oct 21, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gyruss
    Replies:
    6
    Views:
    4,143
    Kenneth P. Turvey
    Jun 20, 2005
  2. cgian31
    Replies:
    1
    Views:
    394
  3. cgian31
    Replies:
    0
    Views:
    268
    cgian31
    Oct 20, 2005
  4. cgian31
    Replies:
    4
    Views:
    163
    McKirahan
    Oct 25, 2005
  5. cgian31
    Replies:
    0
    Views:
    98
    cgian31
    Oct 20, 2005
Loading...

Share This Page