I agree with you that hard-coded IDs and PWs in URLs need to be closely
managed... The only statement I was contending was

"You must have the server configured to Allow Guest Users.  Also the login
must not match any existing login id's or it will not work."

Based on what I was reading in the thread...and your statement, I took your
statement to say that the only way ID and Password in the URL will bypass
the login page is if you had the server configured as you suggest and I
wanted to ensure that you, but specifically Aditya C didn't think you needed
to have the server configured as you specify in order to bypass the login
page.

-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of Shellman, David
Sent: Monday, April 27, 2009 2:38 PM
To: [email protected]
Subject: Re: Pass Login credentials to Midtier

LJ,

I guess I'm having a hard time getting my point across.  We do not pass a
password (violation of corporate security) in a link within an email.  If
they don't have an account, they login as a Guest.  We do this with multiple
accounts and forms.  We do this for lookup within our Log Call, Surveys
and Approvals forms.  Using this method we use very few 'Service' accounts.

If the person has an account they will be prompted with a login.  If they
have an account then they are Support people that should be logging in with
the correct permissions.
------Original Message------
From: LJ Longwing
To: Arslist
ReplyTo: Arslist
Subject: Re: Pass Login credentials to Midtier
Sent: Apr 27, 2009 4:07 PM

I use the id and PW for existing 'service' accounts all the time, and I
even have one URL out there for an Admin user account.  If set up properly, I
have never had the login page displayed when I provide a proper ID and
password on the URL.

From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of Shellman, David
Sent: Monday, April 27, 2009 1:49 PM
To: [email protected]
Subject: Re: Pass Login credentials to Midtier

LJ,

If they are using an existing User record with a read license you are
correct.  However if the server is configured to Allow Guest Users, then
their normal network login will work even if they do not have an AR System
account.  When configured that way a password is not needed.  We use this
method all the time for Customers to be able to look at their tickets.
However if the login does match someone with a User record then they will be
required to login and the login screen will be presented.

Dave

From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of LJ Longwing
Sent: Monday, April 27, 2009 9:26 AM
To: [email protected]
Subject: Re: Pass Login credentials to Midtier

David, I'm sorry...but that is just plain wrong.  You don't need to have
your server configured to allow guests, and you don't need to log on as a
guest to have the id and password passed on the URL.

From: Action Request System discussion list(ARSList)
[mailto:[email protected]] On Behalf Of Shellman, David

Dave
-------------------------
[email protected]
(Wireless)
