Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Redirect  RSS feed

 
Liviu Petcu
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My problem is: Client access to a server

1. Client authentification on that server is based on a form containing username and password fields using POST method and https.
2. I have no access to that server but a valid data pair username-password.
I want to give access to my clients on that server using my account authentification data, but I don't want to let them see those data in browser's address bar or in the source page...
So if anyone has idea about it please let me know.
Thanks in advance!
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not really.
To log the user in, the request must come from their computer. This request must contain the authentication details. You can't obscure the authentication details without obscuring it from the site you want them to log into, which would stop them from logging in.
You could send them an auto-submitting form. This would make it harder but definitely not impossible for them to see your username and password.

Another option, (although I really don't think it would work) could be for you to log in as the client so that you get the session ID, then write the session ID for the new domain to the client.
Many people have security settings which forbid this behaviour.
Not really any help, but hope you find it worth while.
Dave
 
Liviu Petcu
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks David!
... of course the request must come from the users's computer, but I was thinking there is a way to append authentication details before seding the response via sendRedirect or something else...
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!