I'd very much like a qr code that does the following thing when being scanned, e.g. with a camera on the new IOS 11:
Go to a specific website
Enter login information on that website, including username and password. It should not press the actual login button.
As far as I understand scanning a QR code basically mimics the keyboard, as such I'd assume this to be possible. However, the websites I use to generate a QR code can only generate one for a website, and I am not able to find anyone who have tried this problem before.
I thought that a potential way to do this would be to keep everything in the URL string and then redirect it to a script that automatically parses information into the login boxes, depending on the URL string. However, to be frank I am fairly lost on this.
Any and all help is appreciated.
QR codes do not mimic the keyboard. They contain data. When you scan a QR code, it may have a URL in it, such as http://example.com. Your phone then automatically opens this URL in your web browser. Therefore, it is not possible to embed username and password data into a QR code which can be used on any website.
Also, this would create a huge security risk as anyone could scan the QR code and get your login details!
As pointed out by the comments, it is technically possible to put the username and password in the url, or even to embed an OAuth token, but this would be like sticking your front door keys to your front door.
You can do exactly this way....
eg: http://domainname.com/getAuth.php?id=1234
That will read the id from DB and get user and password and redirect to another page with username and password in result page. So we do not need to pass credentials over url.
But it should be separate QR codes anyway...
Without any security risk you can do it.
In your QR, you need to mention a ID related to your user AUTH.
NOTE: It will work on scenarios like Wi-fi cards etc...since it will be personal/unique to buyer.
Related
i'm making a scraper system... it's a challange by my teacher.
The idea is make a mobile app to do and store a class register, this way make possible to the teacher do your job into your smartphone and upload this data later.
We dont have access to college system, but we are imagining this scenario:
The App receive the data like Username and Password through your own graphic interface and make a login request to College WebSite simulating a human user.
The problem is know how to pass the login data by POST into the system... because the URL doesn't show the parameter entries like:
http://website.com/login.php?name=user
I'm looking for some idea... that help me to see the login parameters used in the browser request on the login process, after that i wanna try to loggin into the system by using URL parameters if possible or some other way.
the website is:
https://www.sigacentropaulasouza.com.br/fatec/login.aspx
UPDATED!!!
i'd a firebug installation into my browser and i saw something interesting in the Network Console of this plugin:
In the header, i saw something like:
Refer = https://www.sigacentropaulasouza.com.br/fatec/login.aspx?MyUserName,MyPassWord
so... i've trying to access my profile page by passing this URL into my browser.
Without Success!
I think... because this page uses the HTTPS probably?!
Any idea?
I have an ASP.net web page that should only be accessible should the user enter a valid Pin number on the welcome page. They shouldn't be able to simply access the page by typing in the URL in their browser, for example.
Flow: User visits web page. User enters their Pin on the welcome page.
If Pin is valid, user is redirected to the page in question.
If Pin is invalid, show an error message stating that the Pin is invalid.
Okay, right now I have it set up so that they are redirected to the page if the Pin they enter is correct. Problem is, this doesn't negate them from being able to enter the URL in their browser or otherwise access the page. Of course, I could make the URL long and obfuscated, but this doesn't seem to me secure.
I have a lot of ideas of how to make the page secure. The best example, is creating an obfuscated unique URL based off of their Pin, that redirects to the page in question, but I'm not sure how to accomplish this within the ASP.net realm. It seems like there are methods, properties, or just in general coding techniques that should be built in to .net which handle this, since it is so common. I just don't know about them, personally.
Also, I would like to make the connection to this page secure, perhaps using Https or some other security method. Maybe this is best left to another question.
I dont want to sound harsh here but what you want to accomplish, should be based on proper security. I would start with these tutorials and make my way from there http://www.asp.net/web-forms/tutorials/security
In short you could contain and restrict the user by logging onto the site, database security etc. This would give you further control and allow future updates and or add additional security methods if required.
Hope this helps
I'm building a Membership site using wordpress and Membership Plugin .
The site is still on my localhost. I did some trial sign ups and it worked perfectly well. But I noticed that, I can use even a fake email address such as xyz#gmail.com or something to sign up and create an account. So that's the problem. I don't know how this will work when I moved the site to my server.
But do you guys think this is a security hole ?
And what can I do for this as a solution ?
Here's what I suggest:
On the registration page, add a field where users need to enter a special code to complete registration and make the code as an image (or at least as something robots cannot process easy). This will prevent robots from constantly signing up to new accounts with bogus information.
Next, perform basic email validation to make sure the format is correct.
Next, strip the email address the user entered and verify the domain part is correct and if it is, have your server automatically send an email to the new account holder asking him/her to return to a special section of the site where he/she enters a special registration code assigned to him/her to complete registration.
Also, to save database space (I'm assuming registration info will be stored in one), ask users to complete registration within a limited time period or they will have to start over. If the time is up then relevant data from the database can be removed. I suggest setting the time period to at least one day.
If you are unable to do this, then you may need to find a better plugin that has the functionality I described.
And whatever you do, play with the website on localhost and make as few modifications on the live server as possible. This means make all changes at once on localhost if you can then upload everything at once to the live server.
I am trying to generate QR codes for each of my customers. Each QR code would create an email to me. I've researched and I am pretty sure that I understand how to best create emails with a specific subject and body filled in.
Create the mailto code/script/line that would create the email.
mailto:test#gmail.com?subject=Test%20Subject&body=This%20is%20a%20test.
Create a tinyurl out of the script, to create a more reliable QR code.
http://tinyurl.com/nry2xud
Make a QR code out of it with any standard website. I used http://www.mobile-barcodes.com/qr-code-generator.
This is all fine, but I want the QR codes to mask the sender's email address. I do not want to get an email from a personal email account that the customer has on their phone. I want to replace their email address with the company address that the specific customer works for.
Is this possible? Thank you for any help you can give.
By definition, mailto uses whatever mail client is configured in the user's browser, and sends from their own email address. (From the spec: "Originator fields like From ... when present in the URI, MUST be ignored.")
If you have a web server somewhere, a better solution would be to avoid mailto entirely. Instead, have the QR code direct the user to a page on your server. The server script for that page (written in, say, PHP) would send you the email. Then, it would also serve up a confirmation message to the user.
HI Guys I have the same issue and I am looking to solve it. Here is detail I have two web sites WebsiteA and WebSiteB (WebsiteB is not in my control, A type of black box for me.).
Both websites have seprate login page
I have alist of users,password of websiteB which I stored in database.
I want a kind of common login page. If user is login to websiteA and he want to go to websiteB, he dont have to enter the login and password information again.
I can not touch the code of websiteB. it's alredy deployed and runing.
In websiteB in login form they have a Userid textbox and Password textbox and and a login Button. This butoon is not a submit button. It has a click event which calls a function to validate the user. it's not a simple post.
WebsiteB has one webpage which has different frames. After login sucessfull. The pages doesnt go to any other page it remain on the same page but load the different frame.
According to my knowledge. I can use httpwebrequest class. But faceing the following problem.
Can not click the button.
Response.Redirect does not work.
It seems that WebsiteB is not storing any thing in cookies as cookies always return me a empty string
I really appriciate if anyone can help me on it.
How Can I use response.Redirect . As when I redirect it shows me the same login page.
Without knowing how login works to site B I could not say for sure, but at some point, I'm sure there is a post with login information. My best guess at a solution would be try to imitate what site B does on login. Use firebug and watch what gets sent, and what is returned. You'll have to mimic this behavior.
It may be something like:
POST credentials to site B for verification, returns verification result.
If verification is good, use token from verification result to redirect to site B.
Again, without knowledge of site B, I could not say, but whatever it does, it likely does using normal http, thus you can probably duplicate it. That said, site B may forbid you from logging in by only accepting logins from certain URLs.
As for using the HttpWebRequest, I think you'll find you're better off just having a hidden form which you submit from site A.
A HttpWebRequest will execute on the server of WebsiteA. Even if you execute the correct HttpWebRequest POST to WebsiteB, you won't be able to pass that session cookie to the user's browser without also immediately redirecting to WebsiteB.
There are other single-sign-on techniques you may want to investigate - the approach you have described will not work.
HI I figure out . We can create a string of XML and the converting the string into bytes and then use the normal write function of HttpWebrequest to Write the XML.