Thread: Looking for programming pointers- bypassing authentication

  1. #1
    Just burned his ISO
    Join Date
    May 2007
    Posts
    15

    Looking for programming pointers- bypassing authentication

    Hi guys,

    We have obtained a corporate account for BSI standards available here: BSOL Subscriber Login: bsi-global_com
    The need is to create a front webpage and let our user community access it transparently without having to enter the corporate assigned username and password. How should I pass the credentials? How should I catch and transfer the Postdata? Should I know the pages the login takes me through before it lands into the assigned page?

    The need for doing this is to not let the corporate usernames and password be known to all our employees and maintain the administrative overheads associated with recurrent password changes and disclosure of the same to other outside personnel.

    Pls advise!!

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Maybe you should just mirror the content onto one of your servers and update it regularly.
    Tiocfaidh ár lá

  3. #3
    Just burned his ISO
    Join Date
    May 2007
    Posts
    15

    Thanks Dave.

    The content is huge, with over 2000 papers and moreover, we are not subscribed to read all papers online. There is a pre-approval mechanism where the site administrator approves purchase of the standard and only then the content is available for download.

    A good suggestion but the structure of the site doesn't make it seem plausible.

    I have done it for another such site before but the issue is, this site doesn't seem to work that way by editing the username and password into the URL directly.

  4. #4
    Just burned his ISO
    Join Date
    May 2009
    Posts
    14

    You should probably ask the company that you have a subscription with. Most companies have documentation for accessing subscriber data.

    Appending a string with usernames and passwords on it is the wrong approach. You'll have clients sharing links with usernames and passwords displayed, and then you'll see your links on Google, eventually.

    The best approach is to open and close sessions in PHP or ColdFusion using the UUID (unique ID). Hide your POST and GET commands from end-users. It's also helpful to see who is sharing accounts - create a MySQL/PostgreSQL table to track UUID's, IP addresses, accounts, sessions, accessed files, etc.
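
Added example (not part of the original post, and not code from any poster): a minimal version of the tracking table described in post #4, using Python's `sqlite3` as a stand-in for MySQL/PostgreSQL. The table layout, function names and sample rows are assumptions constructed for illustration; the query flags any session UUID used from more than one IP address inside a time window.

```python
import sqlite3
import uuid

# Assumed layout for the tracking table; column names are illustrative.
SCHEMA = """CREATE TABLE access_log (
    session_uuid TEXT NOT NULL,    -- opaque ID given to the browser
    account      TEXT NOT NULL,    -- internal user, not the vendor login
    ip           TEXT NOT NULL,
    resource     TEXT NOT NULL,
    ts           INTEGER NOT NULL  -- Unix seconds
)"""

def new_session_id():
    """Random session identifier (UUID version 4) for a new login."""
    return str(uuid.uuid4())

def record(db, session_uuid, account, ip, resource, ts):
    db.execute("INSERT INTO access_log VALUES (?, ?, ?, ?, ?)",
               (session_uuid, account, ip, resource, ts))

def shared_sessions(db, window=3600):
    """(session, account) pairs seen from two IPs within `window` seconds."""
    return db.execute(
        """SELECT DISTINCT a.session_uuid, a.account
           FROM access_log a JOIN access_log b
             ON b.session_uuid = a.session_uuid
            AND b.ip <> a.ip
            AND b.ts BETWEEN a.ts AND a.ts + ?
           ORDER BY a.session_uuid""", (window,)).fetchall()

# Constructed sample data; fixed IDs keep the result readable.
S_ALICE = "11111111-1111-4111-8111-111111111111"
S_BOB = "22222222-2222-4222-8222-222222222222"
S_CAROL = "33333333-3333-4333-8333-333333333333"

def sample_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    for row in [
        (S_ALICE, "alice", "10.0.0.5", "/std/1", 1000),
        (S_ALICE, "alice", "10.0.0.5", "/std/2", 1200),
        (S_BOB, "bob", "10.0.0.9", "/std/1", 1000),
        (S_BOB, "bob", "203.0.113.7", "/std/1", 1300),    # second IP, 5 min later
        (S_CAROL, "carol", "10.0.0.12", "/std/3", 1000),
        (S_CAROL, "carol", "10.0.0.40", "/std/3", 87400), # new IP a day later
    ]:
        record(db, *row)
    return db
```

With the default one-hour window only the `bob` session is reported; widening the window also reports `carol`, so the window length decides how much legitimate address change is tolerated.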

  5. #5
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Maybe an LDAP implementation would fit? (I'm still not getting the big picture on what you're trying to do)
    dd if=/dev/swc666 of=/dev/wyze
