Difference between revisions of "Bypassing the Login Page"

From SmartWiki
Jump to: navigation, search
(Security Implications)
(Undo revision 35822 by Efu (talk))
 
(4 intermediate revisions by 3 users not shown)
Line 3: Line 3:
 
http://Alias.smartsimple.biz/exlogin.jsp?alias=alias&user=username&password=password
 
http://Alias.smartsimple.biz/exlogin.jsp?alias=alias&user=username&password=password
  
* Note: '''exlogin.jsp''' is Case Sensitive  
+
* Note: '''exlogin.jsp''' is Case Sensitive
  
  
Line 12: Line 12:
  
 
* The '''Login Page Scripting''' is not functioning correctly
 
* The '''Login Page Scripting''' is not functioning correctly
* When you '''Clone''' a copy of [[SmartSimple]] and the original copy contains a Login Script preventing you from accessing the Clone.  
+
* When you '''Clone''' a copy of [[SmartSimple]] and the original copy contains a Login Script preventing you from accessing the Clone.
  
 
Note: this technique should not be used to create as [[Browser|browser]] shortcut, as the [[Username|username]] and [[Password|password]] are exposed.
 
Note: this technique should not be used to create as [[Browser|browser]] shortcut, as the [[Username|username]] and [[Password|password]] are exposed.
  
  
'''This method of accessing your instance can be disabled in your [[Global Settings]] > [[Login_%26_Security_Settings#Disable_External_Login_Shortcut|Login & Security Settings]].'''
+
'''This method of accessing your instance can be disabled in your [[Global Settings]] > [[Security Settings]].'''
  
 
==Security Implications==
 
==Security Implications==
 
Using this technique can expose your password. Accordingly it should only be used when necessary.
 
Using this technique can expose your password. Accordingly it should only be used when necessary.
 +
 
* '''You should change your password immediately after using this technique'''
 
* '''You should change your password immediately after using this technique'''
* The URL being opened may be available to other users on the same machine on which you are browsing.  
+
* The URL being opened may be available to other users on the same machine on which you are browsing.
* The URL retrieved from the remote machine may be logged elsewhere (ie: Proxy Server history, DNS server).  
+
* The URL retrieved from the remote machine may be logged elsewhere (ie: Proxy Server history, DNS server).
 
* Your browser history may retain the URL including your password.
 
* Your browser history may retain the URL including your password.
  
To remove these possible security concerns this method of accessing SmartSimple can be disabled via [[Global Settings]] > [[Login_%26_Security_Settings#Disable_External_Login_Shortcut|Login & Security Settings]].'''
+
To remove these possible security concerns this method of accessing SmartSimple can be disabled via [[Global Settings]] > [[Security Settings]].'''
  
  
[[Category:Global Settings]][[Category:System Management]][[Category:Security]]
+
[[Category:Global Settings]][[Category:System Management]][[Category:Security]] [[Category:Login Pages]]

Latest revision as of 14:15, 5 April 2022

If you need to bypass Login Page Scripting that you have added to the Login Page, you use the following type of URL:

http://Alias.smartsimple.biz/exlogin.jsp?alias=alias&user=username&password=password

  • Note: exlogin.jsp is Case Sensitive


IMPORTANT: There are security implications with using this technique. See below.


You will need to use this technique when:

  • The Login Page Scripting is not functioning correctly
  • When you Clone a copy of SmartSimple and the original copy contains a Login Script preventing you from accessing the Clone.

Note: this technique should not be used to create as browser shortcut, as the username and password are exposed.


This method of accessing your instance can be disabled in your Global Settings > Security Settings.

Security Implications

Using this technique can expose your password. Accordingly it should only be used when necessary.

  • You should change your password immediately after using this technique
  • The URL being opened may be available to other users on the same machine on which you are browsing.
  • The URL retrieved from the remote machine may be logged elsewhere (ie: Proxy Server history, DNS server).
  • Your browser history may retain the URL including your password.

To remove these possible security concerns this method of accessing SmartSimple can be disabled via Global Settings > Security Settings.