Question regarding bypassing security

T

tim almond

I currently have a system where the client has a login page which has a
SQL server database behind it and does authentication.

The client wants to have a page which can be logged into by passing a
user ID/password into the URL. I also need the system to say that if
there is no user ID/password, it needs to check the session status.

The best approach I can think of is to drop any role requirements off
this page but when the page load, manually do a check on the login
credentials passed in the URL against the database and if OK (or if
there is already a session), create a session and continue.

Any other cleverer ideas than that?

Thanks in advance.
 
R

Robbe Morris [C# MVP]

That is a HUGE security risk. So much so that microsoft.com
won't let you authenticate to windows like that anymore.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Script works fine on test server but not on production server 3
security... 0
Survey details won't go through using php, ajax, Mysql 0
Registration Form 7
winform security: strange error, where as I expected a redirect 2
A simple security question 5
Please, help me. 1

Members online

Total: 39 (members: 1, guests: 38)
Robots: 438

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,049
Latest member
Allen00Reed

Latest Threads

Top