通过URL传递密码值 [英] Passing password value through URL
问题描述
好吧,我看到很多人问如何通过URL传递其他值,URL,随机内容,但没有发现向密码字段发送密码的任何信息.
OK I see a lot of people asking about passing other values, URLS, random stuff through a URL, but don't find anything about sending a password to a password field.
这是我的情况:
我每天在工作中都会使用大量网站,大约90%的用户需要登录.显然,记住每个站点80亿个登录都是愚蠢的,尤其是当我为每个站点使用多个用户名时.为了使生活更轻松,我草拟了一个漂亮的JSP应用程序,该应用程序将我所有的登录信息存储在一个DB表中,并为我要访问的特定页面创建了一个用户界面.每个页面都有一个按钮,用于将用户名和密码发送到html输入的id参数中.
I have a ton of sites I use on a daily basis with my work and oh about 90% require logins. Obviously remembering 80 bajillion logins for each site is dumb, especially when there are more than one user name I use for each site. So to make life easier, I drew up a nifty JSP app that stores all of my logins in a DB table and creates a user interface for the specific page I want to visit. Each page has a button that sends a username, password into the id parameters of the html inputs.
问题:
我可以得到用户名和其他信息来显示花花公子,但是当我尝试将密码发送到密码字段时,我尝试访问的页面似乎什么也没收到.
I can get the usernames and other info to show up just dandy, but when I try and send a password to a password field, it seems that nothing gets received by the page I'm trying to hit.
在这里我需要做一些忍者的事情吗?还是不容易做到?
Is there some ninja stuff I need to be doing here or is it just not easily possible?
基本上这就是我现在要做的:
Basically this is what I do now:
和我的一些html看起来像这样:
and some of my html looks like this:
<form name="userform" method="post" action="index.jsp" >
<input type="hidden" name="submit_login" value="y">
<table width="100%">
<tr class="main">
<td width="100" nowrap>Username:</td>
<td><input type="text" name="loginname" value="" size="30" maxlength="64"></td>
</tr>
<tr class="main">
<td>Password: </font></td>
<td><input type="password" name="loginpass" value="" size="30" maxlength="64"></td>
</tr>
<tr class="main">
<td><center><input type="submit" name="submit" value="Login"></center></td>
</tr>
</table>
</form>
有什么建议吗?
推荐答案
史蒂文(Steven)
Steven,
AFAIK,大多数浏览器不会传递POST或GET数据来使用type = password预先填充表单字段,因为这确实使机器人更容易使用.此外,大多数站点都将对此加以保护.当您看到它已被预先填充时,通常是您的浏览器保存了客户端的密码,然后为您填充了密码-此信息永远不会在网上泄漏.希望您了解在向远程服务器发送请求时以纯文本形式发送用户名和密码的安全隐患.
AFAIK, most browsers will not pass POST or GET data to prefill a form field with type=password, as it really just makes things even easier for bots. Further, most sites will protect against this. When you see it prefilled, it's usually your browser saving the password client-side and then filling the password for you - this information never goes out over the net. Hopefully you understand the security implications of sending your username and password in plaintext on a request to a remote server.
由于浏览器内置的功能似乎并没有为您完成任务(也许是从多台计算机进行密码访问),因此您更可能需要的是一种浏览器扩展程序,该扩展程序支持为您存储这些密码,并且将通过JS或客户端进行插入.不认可任何特定产品,但下面是一个示例: https://addons.mozilla .org/en-US/firefox/addon/8542 .当然,这意味着您的密码存储在其他人的服务器上,这可能是您要避免的事情.
Since what's built into browsers already doesn't seem to be doing the job for you (password access from multiple computers, perhaps?) what you're more likely looking for is a browser extension that supports storing those passwords for you and will do the insertion via JS or something client-side. Not endorsing any particular product, but here's an example: https://addons.mozilla.org/en-US/firefox/addon/8542. This of course means your passwords are stored on someone else's servers, though, which may be something you want to avoid.
如果您希望或需要完全控制这些数据,那么您可能要看的另一种产品是keepass(我将它用作存储在USB密钥上的数据库,不仅用于网站,而且还用于我拥有的所有密码): http://www.keepass.info
If you want or need total control of that data, another product you might look at is keepass (which I use as a DB stored on a USB key for not only web sites, but passwords for just about everything I have): http://www.keepass.info
这篇关于通过URL传递密码值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
