Comments on: Login in with just url-arguments http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/ Joachim Dagerot on development and consulting Wed, 18 Aug 2010 04:14:06 +0200 http://wordpress.org/?v=2.8.6 hourly 1 By: Jafa http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-34510 Jafa Mon, 02 Nov 2009 07:33:58 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-34510 Hi You have one typo, REDIRECT shoud be REDIRECTTO. Now it's works nicely. Thank you. Hi

You have one typo, REDIRECT shoud be REDIRECTTO. Now it’s works nicely. Thank you.

]]> By: leo http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-34033 leo Fri, 25 Jul 2008 08:32:45 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-34033 Security ISSUE: For sure the names.nsf?Login&Username=ME&Password=Secret&redirect is NOT safe because it gets LOGGED on the domino server in the domlog. When someone opens this logfile and searches for the HTTP GETS your user credentials will become available to that person. SO DO NOT USE this method if you want to keep you user credentials safe. I am making a tool that keeps you credentials safe and still provide login automation. See: http://ezscript.nl Like Andrei suggested I am using the HTTP POST for login in (The POST data will NOT BE LOGGED by domino, so your credentials will be safe) thnx, Leo Security ISSUE:

For sure the names.nsf?Login&Username=ME&Password=Secret&redirect is NOT safe because it gets LOGGED on the domino server in the domlog.

When someone opens this logfile and searches for the HTTP GETS your user credentials will become available to that person.

SO DO NOT USE this method if you want to keep you user credentials safe.

I am making a tool that keeps you credentials safe and still provide login automation. See: http://ezscript.nl

Like Andrei suggested I am using the HTTP POST for login in (The POST data will NOT BE LOGGED by domino, so your credentials will be safe)

thnx, Leo

]]> By: Fast payday loans. http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-34028 Fast payday loans. Thu, 24 Jul 2008 02:38:09 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-34028 <strong>Payday loans payments news archive....</strong> Payday loans online. Payday loans. Long term payday loans.... Payday loans payments news archive….

Payday loans online. Payday loans. Long term payday loans….

]]> By: Joachim Dagerot http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-33900 Joachim Dagerot Mon, 24 Mar 2008 10:48:48 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-33900 @Andrei: A cool thing with doing a post instead, without using domcfg! @Andrei: A cool thing with doing a post instead, without using domcfg!

]]> By: Andrei Kouvchinnikov http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-33899 Andrei Kouvchinnikov Sun, 23 Mar 2008 15:18:31 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-33899 A slight error in the previous example.. POST /names.nsf?Login HTTP/1.1 Host: www.server.com A slight error in the previous example..
POST /names.nsf?Login HTTP/1.1
Host: http://www.server.com

]]> By: Andrei Kouvchinnikov http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-33898 Andrei Kouvchinnikov Sun, 23 Mar 2008 15:16:19 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-33898 And you also can logout using http://server/MyMailFile?logout To hide username and password in login request you can send them with POST request type instead. POST http://server/names.nsf?Login HTTP/1.1 Content-Type: application/x-www-form-urlencoded Username=ME&Password=Secret&redirect=MyMailFile And you also can logout using http://server/MyMailFile?logout

To hide username and password in login request you can send them with POST request type instead.
POST http://server/names.nsf?Login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Username=ME&Password=Secret&redirect=MyMailFile

]]> By: Joachim Dagerot http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-32352 Joachim Dagerot Thu, 14 Feb 2008 06:05:04 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-32352 You're welcome! :) You’re welcome! :)

]]> By: Andy Brunner http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-32290 Andy Brunner Wed, 13 Feb 2008 19:27:31 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-32290 Ups - You are right. I meant the old username:password login URL. Sorry :) Ups – You are right. I meant the old username:password login URL.

Sorry :)

]]> By: Joachim Dagerot http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-32250 Joachim Dagerot Wed, 13 Feb 2008 14:06:04 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-32250 No, that's incorrect. It does work for session based logins. Maybe you are mixing up this approach with the old username:password@http://server URL? No, that’s incorrect. It does work for session based logins. Maybe you are mixing up this approach with the old username:password@http://server URL?

]]> By: Andy Brunner http://www.dagerot.com/2008/02/13/login-in-with-just-url-arguments/comment-page-1/#comment-32249 Andy Brunner Wed, 13 Feb 2008 14:02:01 +0000 http://domino.dagerot.com/2008/02/13/login-in-with-just-url-arguments/#comment-32249 Well this works only for basic authentication (browser popup and not for the session authentication (with domcfg.nsf) Well this works only for basic authentication (browser popup and not for the session authentication (with domcfg.nsf)

]]>