
Re: Securing a URL, Can it be done?

From: Jared Still <jkstill_at_bcbso.com>
Date: Fri, 25 Aug 2000 08:23:38 -0700 (PDT)
Message-Id: <10600.115564@fatcity.com>


Thanks, but the request was just to remove the password from the visible URL.

To actually make it secure, passing the password in the URL is not really a good way to go about it. There are better authentication methods available.

Jared

On Fri, 25 Aug 2000, Oliver Artelt wrote:

>
> Hi,
>
> that's not secure because the password will be readable sent in the
> post-packet. You have to encrypt the password-userstring. Another thread here
> is discussing storing passwords encrypted in a table, maybe you can use an
> algorithm that's explained there.
>
> oli
>
> On Thu, 24 Aug 2000, Jared Still wrote:
> > Change your method to post.
> >
> > e.g.
> >
> > <FORM method=get ACTION="sql_driver.cgi">
> >
> > would change to:
> >
> > <FORM method=post ACTION="sql_driver.cgi">
> >
> > Jared
> >
> >
> > On Thu, 24 Aug 2000, Peter Hazelton wrote:
> >
> > > Hello Everyone
> > >
> > > I have a report server set up on my machine where I am hosting some Oracle
> > > Reports. Say the connect string is the following:
> > >
> > > http://mymachine:port_num/dev60cgi/rwcgi60.exe?report=test.rdf+userid=user/password@
> > > hoststring+destype=cache+desfomat=HTML+server=SERVER_NAME
> > >
> > > This part works very well as I am able to run my report over my intranet no
> > > problem. The problem I am having is that I do not want my database
> > > username/password to show up in the URL as this poses an obvious security
> > > issue.
> > >
> > > My plan is to make a home page where people select their report to run, they
> > > click on the link and the report runs. But how do I make the link so that
> > > people do not see the connection information? I would appreciate any help
> > > you can give me.
> > >
> > > Peter
> > >
> > >
> > > --
> > > Author: Peter Hazelton
> > > INET: peterhazelton_at_hotmail.com
> > >
> > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> > > San Diego, California -- Public Internet access / Mailing Lists
> > > --------------------------------------------------------------------
> > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > (or the name of mailing list you want to be removed from). You may
> > > also send the HELP command for other information (like subscribing).
> > >
> >
> >
> > Jared Still
> > Certified Oracle DBA and Part Time Perl Evangelist ;-)
> > Regence BlueCross BlueShield of Oregon
> > jkstill_at_bcbso.com - Work - preferred address
> > jkstill_at_teleport.com - private
> >
> >
> > --
> > Author: Jared Still
> > INET: jkstill_at_bcbso.com
> --
> ---
>
> Oliver Artelt, System- und Datenbankadministration
> ---------------------------------------------------------------
> cubeoffice GmbH & Co.KG # jordanstrasse 7 # 39112 magdeburg
> telefon: +49 (0)391 6 11 28 10 # telefax: +49 (0)391 6 11 28 10
> email: oli@cubeoffice.de # web: http://www.cubeoffice.de
> ---------------------------------------------------------------
>

Jared Still
Certified Oracle DBA and Part Time Perl Evangelist ;-)
Regence BlueCross BlueShield of Oregon

Received on Fri Aug 25 2000 - 10:23:38 CDT
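
The point made in both replies, as an added example that is not part of the original thread: changing the form from `method=get` to `method=post` moves the password out of the URL, but over plain HTTP it is still readable in the request body. The credentials are constructed placeholders, and `build_request` and `exposure` are hypothetical helper names.

```python
from urllib.parse import urlencode

# Constructed sample values: the field names mirror the URL quoted in the
# thread, the credentials are placeholders.
FIELDS = {"report": "test.rdf", "userid": "user/password@hoststring"}
SECRET = "password"


def build_request(method, action="/sql_driver.cgi", host="mymachine"):
    """Return the raw HTTP/1.0 request a browser sends when the form is submitted."""
    encoded = urlencode(FIELDS)
    if method.lower() == "get":
        # GET: the form fields are appended to the URL as a query string.
        return f"GET {action}?{encoded} HTTP/1.0\r\nHost: {host}\r\n\r\n"
    # POST: the form fields travel in the request body instead.
    return (
        f"POST {action} HTTP/1.0\r\nHost: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(encoded)}\r\n\r\n{encoded}"
    )


def exposure(raw):
    """Report where the secret is readable in one raw request."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    return {
        # The request line carries the URL: address bar, browser history,
        # Referer headers and web-server access logs all record it.
        "in_url": SECRET in request_line,
        # The body is usually not logged, but it is sent as plain text.
        "in_body": SECRET in body,
        # Anyone who can read the unencrypted traffic sees the whole request.
        "on_wire": SECRET in raw,
    }


if __name__ == "__main__":
    for method in ("get", "post"):
        print(method.upper(), exposure(build_request(method)))
```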
