Script to automate website login?

Bokeh Member Posts: 1,636
I have a need for a simple script that will allow a user to click on an icon from their desktop and log in to a specific website, populating their sign in and password. Everything I have found so far is for automating a login to a db, which is not what we need. If anyone can point me in the right direction, I would appreciate it.

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,204
    Web browsers, like Firefox, automate Web site logins. Have a .url shortcut be what the user double-clicks to log in using a specific Web browser.
  • Everyone Member Posts: 1,661
    Very bad idea from a security standpoint. If you have control of the website, you should set it up for single sign-on.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,204
    Is this an Internet or intranet Web server? If intranet, then SSO is the better--albeit more complex--solution.
  • Bokeh Member Posts: 1,636
    They want simplicity. Easier for someone to click and get in, than to have to manually type a 6-character login, and 8-10 character password. This is for logging into a secure site on the internet.
  • Everyone Member Posts: 1,661
    Bokeh wrote:
    They want simplicity. Easier for someone to click and get in, than to have to manually type a 6-character login, and 8-10 character password. This is for logging into a secure site on the internet.

    They may as well not use a password at all then. Using a script to do this would require the script to contain the user's ID and password for the website, which would be in plain text. Not only that, you would either have to train the users on how to modify the script so it would have their user ID and password in it, or you'd have to get it from them so you could set it up yourself.

    Using the "Remember my password" feature found in most modern web browsers, as JDMurray suggested, isn't any more secure. IE at least encrypts the passwords it stores, but there's a free program called "IE PassView" that easily decrypts it and will show anyone all your saved account info. Firefox lets anyone see your saved passwords from its own option menu! This method would also require some user training.

    You should point out the huge security risk to whoever requested this. Is it really worth saving a few seconds?
  • cisco_trooper Too many Member Posts: 1,442
    Either LDAP integrate the site or remove the password altogether. It seems the powers that be are missing the point of passwords and are instead seeing it as just an obstacle to overcome. Bad move. It's only a matter of time before something bad happens.
  • Devilsbane Member Posts: 4,212
    Security by obscurity isn't really secure.

    What kind of information is on this "secure" website?
    Decide what to be and go be it.