• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Want send username and password in url in some secure manner

 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I have to send username and password in my url in some secure manner so that no one can see that info.I am using post call.Please share some idea.
Thanks
sudhanshu
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64618
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SSL
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:SSL

Sorry i dont know abt this.
What is this SSL??
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64618
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.


thanks bear...
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64618
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are using Tomcat, here's the "how to".
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Send to where?
From where?

If you're sending the username and password back to your user's browser SSL may or may not be able to help you.
What exactly are you trying to do?
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben Souther wrote:Send to where?
From where?

If you're sending the username and password back to your user's browser SSL may or may not be able to help you.
What exactly are you trying to do?


Actually i am trying to launch an application fron other application.In this case I have two scenarios..

1. either both application are on same java server
2.or they are on different server

I am sending username and password to retrieve the data from the storage area (u can say a database) to show in my second java application.
If you need some more info than just inform me.

Thanks,
sudhanshu
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.


I dont think i can use SSL in my aaplication as it need some information to fill and also expiration thing..
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you ever sending the username and password to the browser?
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben Souther wrote:Are you ever sending the username and password to the browser?


each time when i launch application(application launched in browser only) i am sending username and password using post and prob is anyone can see username and password in Browser URL
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're sending the username and password to the browser, nothing is going to make this secure.
Any web user can right click on a page and see the text.

If you're submitting a form and the form's method attribute has a value of "get" then all of the form parameters will get sent as part of the querystring.
"Get" is the default method if no "method" attribute is present.

If you use method="post", then the parameters are not part of the URL. They get send in the body of the request and won't show up in the address widow of the browser.
Without SSL neither is secure. Anyone with a packet sniffer can read everything going over your network.

Even with SSL, there is still the danger that either the user of your application or someone else, if your user walks away from their machine can view the username and password simply by right clicking the page and viewing the source.
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben Souther wrote:If you're sending the username and password to the browser, nothing is going to make this secure.
Any web user can right click on a page and see the text.

If you're submitting a form and the form's method attribute has a value of "get" then all of the form parameters will get sent as part of the querystring.
"Get" is the default method if no "method" attribute is present.

If you use method="post", then the parameters are not part of the URL. They get send in the body of the request and won't show up in the address widow of the browser.
Without SSL neither is secure. Anyone with a packet sniffer can read everything going over your network.

Even with SSL, there is still the danger that either the user of your application or someone else, if your user walks away from their machine can view the username and password simply by right clicking the page and viewing the source.


So is there any other wayother than ssl for security or we have to implement something else
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You would have to implement something else.
Sending usernames and passwords down to the browser is never a secure way to do (SSO) single sign on.
 
Alpesh Padra
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can encrypttion and decryption mechanism for sending your user name/password.

If your method if get or post. No one can see your plaing username password.

Moreover. i remember once more option. you can encode your URL . I am not sure about it. but you can do some investigation.

Please correct me if i am wrong.
 
Prabhat Shankar
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

You can pass encrypted form of user id & password in url.

You can create temporary table in database for storing user id & password which you are sending to other application and instead of sending userID and password you can send the slno from table for that userId and password.
Tell that application to retrieve userID & password from table.


 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic