Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / October 2005

Tip: Looking for answers? Try searching our database.

bypassing web form hardcoding login and password

Thread view: 
Enable EMail AlertsStart New Thread
cgian31 - 20 Oct 2005 20:00 GMT
I need to hide the complexity from users to access an information
webpage, which is normally accessible after filling in a web
form with the correct data.

The address of the information webpage is like
https://external.address.com/info.asp?<numeric code>
where <numeric code> is a number generated by the server.

This number (always different) is generated by the server only when you
open the first web page in your browser, fill in the right values in 2
fields (user, password) and click Login.

Any advices?
Reply to this Message
Oliver Wong - 20 Oct 2005 20:18 GMT
>I need to hide the complexity from users to access an information
> webpage, which is normally accessible after filling in a web
[quoted text clipped - 9 lines]
>
> Any advices?

   Are you in control of the source code for info.asp?

   - Oliver
Reply to this Message
cgian31 - 20 Oct 2005 20:39 GMT
no, it is the site of one our service provider. We have an account for
our department (350 users) but plenty of people keep forgetting the
password, so I would like to let them access through our intranet page,
hardcoding login and password.
Reply to this Message
Oliver Wong - 20 Oct 2005 21:06 GMT
> no, it is the site of one our service provider. We have an account for
> our department (350 users) but plenty of people keep forgetting the
> password, so I would like to let them access through our intranet page,
> hardcoding login and password.

   You can try looking at the ACTION attribute of the form, and creating a
similar form with <INPUT TYPE="HIDDEN"> with the values pre-filled in.

   - Oliver
Reply to this Message
cgian31 - 20 Oct 2005 21:47 GMT
I have tried that, but when I post it just displays the original remote
form without login and password values filled in!

>     You can try looking at the ACTION attribute of the form, and creating a
> similar form with <INPUT TYPE="HIDDEN"> with the values pre-filled in.
>
>     - Oliver
Reply to this Message
Andrew Thompson - 20 Oct 2005 22:00 GMT
> I have tried that, but when I post it just displays the original remote
> form without login and password values filled in!

Sheesh!  Did you post to the log-in form's target,
or the form itself?

To solve this you need to get..
- a book on HTML

Once you can do it in HTML, you can do it in JSP.

[ And if you have futher questions on this matter, please
post them to an HTML forum, like..
<http://groups.google.com/group/comp.infosystems.www.authoring.html> ]
Reply to this Message
Andrew Thompson - 20 Oct 2005 22:02 GMT
> post them to an HTML forum,

or rather, Usenet Newsgroup,

>.. like..
> <http://groups.google.com/group/comp.infosystems.www.authoring.html> ]
Reply to this Message
Oliver Wong - 20 Oct 2005 22:09 GMT
>> I have tried that, but when I post it just displays the original remote
>> form without login and password values filled in!
[quoted text clipped - 6 lines]
>
> Once you can do it in HTML, you can do it in JSP.

   It's conceivable the ASP form is doing something tricky like checking
the browser reported referrer, or doing strange things with JavaScript, etc.

   A simpler, low tech solution might be to just post the password
somewhere on your intranet website (this has about the same security as
hardcoding it into an HTML form anyway). Then people can just read the
password and login.

   - Oliver
Reply to this Message
cgian31 - 20 Oct 2005 22:21 GMT
OK, got the message, thanks anyway for your help.

>     It's conceivable the ASP form is doing something tricky like checking
> the browser reported referrer, or doing strange things with JavaScript, etc.
[quoted text clipped - 5 lines]
>
>     - Oliver
Reply to this Message
Jon Martin Solaas - 21 Oct 2005 06:05 GMT
> OK, got the message, thanks anyway for your help.

Maybe someone at some microsoftish group could help you, it's after all
a microsoftish url we are looking at ...

We are ofcourse flattered that you went to a java group for help first :-)

Signature

jon martin solaas

Reply to this Message
cgian31 - 21 Oct 2005 07:06 GMT
The thing is that it is not my website I am trying to bypass. And since
I am better at Java I thought maybe I can do something with it to
compile a generic form!

> We are ofcourse flattered that you went to a java group for help first :-)
Reply to this Message
Oliver Wong - 21 Oct 2005 16:19 GMT
> The thing is that it is not my website I am trying to bypass. And since
> I am better at Java I thought maybe I can do something with it to
> compile a generic form!

   Unless JSP is somehow getting involved, I don't think there's a
compilation step in writing an HTML form with the inputs pre-filled-out.

   - Oliver
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.