To get around the login screen, can you upload a link with a username and password?

I am relatively new to web development, and I was hoping I could get some guidance regarding a feature that I would like to implement. Is it possible to have a URL link that you can click that contains the credentials for the website it links to, so that it bypasses that website's login screen?

In other words, can I make a link from my website to Facebook which will allow me to log in directly to my Facebook account from any computer? That is, if I do not have cookies to store my login information, is it possible to log in again?

This is just a conceptual question, so any help would be appreciated! Thanks!

+4
5 answers

One of the reasons why this is usually avoided is that web servers often store query string parameters in access logs. And, as a rule, you do not need files on your server with a long list of user names and passwords in clear text.

In addition, a query string containing a username and password can be used with a dictionary attack to guess the valid credentials.

Besides these problems, if the request is done via HTTPS, it would be safe during transit.

+3
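An added example for the access-log point in the answer above (not part of the original thread): a scrubber that finds and masks credentials passed as query-string parameters in the request target and Referer field of access-log lines. The combined log format, the parameter names in SENSITIVE and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names; extend to match the application's own login fields.
SENSITIVE = {"user", "username", "login", "pass", "password", "passwd", "pwd"}

# Request target and Referer field of a combined-format access log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+"')
REFERER_RE = re.compile(r'" \d{3} \S+ "(?P<url>[^"]*)"')

# Constructed sample lines, not taken from any real server.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login?username=alice&password=s3cret&next=%2Fhome HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /home HTTP/1.1" 200 512 "https://example.test/login?username=alice&password=s3cret" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=cats HTTP/1.1" 200 900 "-" "curl/8.0"',
]

def redact_url(url):
    """Return (url with sensitive query values masked, sorted names masked)."""
    parts = urlsplit(url)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return url, []  # leave untouched URLs byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)

def _scrub(pattern, line, hits):
    """Rewrite only the 'url' group of the first match of pattern in line."""
    def repl(m):
        clean, found = redact_url(m.group("url"))
        hits.extend(found)
        start, end = m.start("url") - m.start(), m.end("url") - m.start()
        return m.group(0)[:start] + clean + m.group(0)[end:]
    return pattern.sub(repl, line, count=1)

def scrub_line(line):
    """Return (scrubbed log line, names of credential parameters found)."""
    hits = []
    for pattern in (REQUEST_RE, REFERER_RE):
        line = _scrub(pattern, line, hits)
    return line, hits

if __name__ == "__main__":
    for entry in SAMPLE:
        clean, hits = scrub_line(entry)
        print("LEAK " + ",".join(hits) if hits else "ok", clean)
```

The second sample line shows that the credentialed URL also reaches the logs through the Referer header of the next request, even though that request itself carries no credentials.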

You can pass parameters in the URL through a GET request on the server, but you need to understand that the request will most likely be made in clear text and therefore unlikely to be safe. There was a time when I had to program "silent" input using tokens, so this can be done in enterprise applications.

+1

You could do this, but most browsers no longer allow this. You could never do this with Facebook, only with sites that use browser auth (the browser opens a username/pass dialog).

It was like this: http://username:pass@myprotectedresource.com

What you can do is hack some javascript in the link in which your username and password will be placed on the facebook login page. Not sure if this will work, because you may need to clear cookies / hidden fields from the login page itself.

+1

The site may be blocking you due to the absence of cookies or an invalid invalid or invalid HTTP server, but it may work if their security is low.

+1

While it is possible, it is the site (in this case Facebook) that accepts these values in the query string. There are some security issues that need to be considered, and this is not generally done.

There are, however, different options for single sign-on. This website uses OpenID for this.

0

Source: https://habr.com/ru/post/1307489/

