Re: Hiding usernames and passwords in URL

This WebDNA talk-list message is from

1998

It keeps the original formatting. numero = 21101
interpreted = N
texte = On 11/18/98 3:13 AM, Kimberly Wyrick wrote:>Thanks Bob...but unfortunately I can't make the decision to upgrade to 4.0,>therefore I am stuck with 3.0 for now. When you say let the browser carry>it, do you mean through a link? i.e.No, it can't be done with IIS 3.0. I did something a little different then. I would create a shopping cart for each authenticated user and hide the username and password inside the shopping cart. Then you don't have to pass it through the url or hold it in the browser. It actually has some security advantages over other methods and I believe is the preferred method on IIS, but I can't speak for anyone else. Their are also 2 shopping cart containers called username and password so you don't have to pass it into another field name.Basically it goes like thisUser logs in, if approved...You create the shopping cart and store the username and password in the shoppingcart.Then you pass the cart value through the url or in hidden fields. your checker dna then looks inside the cart, extracts the serial number and password and compares it to the database. You could do a test just to see if the cart exits and if not redirect them to a login but then you no longer know who they are. Its less processor intensive, but adequate.Its somewhat cumbersome, but very effective and advantageous in some respects. try it.Robert Minor___________________________________________________________________________CyberMill Communications voice 314-962-40248616 Joseph Ave http://www.cybermill.com/St. Louis, MO 63144 email: webmaster@cybermill.com___________________________________________________________________________Purveyors of fine Websites and Webhosting services. Associated Messages, from the most recent to the oldest:

Re: Hiding usernames and passwords in URL (Bob Minor 1998)
Re: Hiding usernames and passwords in URL (Kimberly Wyrick 1998)
Hiding usernames and passwords in URL (Kimberly Wyrick 1998)
Re: Hiding usernames and passwords in URL (PCS Technical Support 1998)
Re: Hiding usernames and passwords in URL (Bob Minor 1998)
Re: Hiding usernames and passwords in URL (Bob Minor 1998)

On 11/18/98 3:13 AM, Kimberly Wyrick wrote:>Thanks Bob...but unfortunately I can't make the decision to upgrade to 4.0,>therefore I am stuck with 3.0 for now. When you say let the browser carry>it, do you mean through a link? i.e.No, it can't be done with IIS 3.0. I did something a little different then. I would create a shopping cart for each authenticated user and hide the username and password inside the shopping cart. Then you don't have to pass it through the url or hold it in the browser. It actually has some security advantages over other methods and I believe is the preferred method on IIS, but I can't speak for anyone else. Their are also 2 shopping cart containers called username and password so you don't have to pass it into another field name.Basically it goes like thisUser logs in, if approved...You create the shopping cart and store the username and password in the shoppingcart.Then you pass the cart value through the url or in hidden fields. your checker dna then looks inside the cart, extracts the serial number and password and compares it to the database. You could do a test just to see if the cart exits and if not redirect them to a login but then you no longer know who they are. Its less processor intensive, but adequate.Its somewhat cumbersome, but very effective and advantageous in some respects. try it.Robert Minor___________________________________________________________________________CyberMill Communications voice 314-962-40248616 Joseph Ave http://www.cybermill.com/St. Louis, MO 63144 email: webmaster@cybermill.com___________________________________________________________________________Purveyors of fine Websites and Webhosting services. Bob Minor

DOWNLOAD WEBDNA NOW!

Re: Hiding usernames and passwords in URL

1998

Top Articles:

Related Readings: