1. Client authentification on that server is based on a form containing username and password fields using POST method and https. 2. I have no access to that server but a valid data pair username-password. I want to give access to my clients on that server using my account authentification data, but I don't want to let them see those data in browser's address bar or in the source page... So if anyone has idea about it please let me know. Thanks in advance!
Not really. To log the user in, the request must come from their computer. This request must contain the authentication details. You can't obscure the authentication details without obscuring it from the site you want them to log into, which would stop them from logging in. You could send them an auto-submitting form. This would make it harder but definitely not impossible for them to see your username and password.
Another option, (although I really don't think it would work) could be for you to log in as the client so that you get the session ID, then write the session ID for the new domain to the client. Many people have security settings which forbid this behaviour. Not really any help, but hope you find it worth while. Dave
Liviu Petcu
Greenhorn
Joined: Mar 09, 2003
Posts: 10
posted
0
Thanks David! ... of course the request must come from the users's computer, but I was thinking there is a way to append authentication details before seding the response via sendRedirect or something else...
0
