绕过登录页面 [英] bypassing login page

查看:519
本文介绍了绕过登录页面的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有没有办法将用户名和密码从html链接传递到jsf页面,通过登录页面

Is there any way to pass username and password from html link to jsf page to by pass the login page

推荐答案

假设您正在使用会员资格,那么可能不会:如果您的用户未登录,则会员系统将自动重定向到拒绝访问登录页面 - 将原始URL作为查询字符串传递,以便您可以将用户返回到该页面。这会用您的用户ID和密码覆盖原始查询字符串,这样您就无法登录...



如果您不使用会员资格,那么是,您可以在登录用户的主页/每个页面中查看,如果没有,则检查查询字符串是否有登录ID。但是......与会员系统相比,你失去了很多安全性,并且还开始鼓励用户以明文形式广播密码,可以在浏览器窗口顶部阅读...



总的来说,我不会这样做。
Assuming you are using Membership, then probably not: if your user isn't logged in then the Membership system will do an auto redirect to the access denied login page - passing the original URL as the query string so you can return the user there. This overwrites the original query string with your userid and password so you can't get at them to log in...

If you aren't using membership then yes, you could check in your masterpage / every page for a logged in user and if not check the query string for a login id. But...you lose a lot of security that way compared with the Membership system, and also start encouraging your users to broadcast passwords in clear text that can be read at the top of their browser window...

On balance, I wouldn't do it.


这篇关于绕过登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆