Script to automate website login?

I have a need for a simple script that will allow a user to click on an icon from their desktop and log in to a specific website, populating their sign in and password. Everything I have found so far is for automating a login to a db, which is not what we need. If anyone can point me in the right direction, I would appreciate it.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

JDMurray

Web browsers, like FireFox, automate Web site logins. Have a .url shortcut be what the user double-clicks to login using a specific Web browser.

Everyone

Very bad idea from a security standpoint. If you have control of the website, you should set it up for single-sign on.

JDMurray

Is this an Internet or intranet Web server? If intranet, then SSO is the better--albeit more complex--solution.

Bokeh

They want simplicity. Easier for someone to click and get in, then to have to manually type a 6 character login, and 8-10 character password. This is for logging into a secure site on the internet.

Everyone

Bokeh wrote: »

They want simplicity. Easier for someone to click and get in, then to have to manually type a 6 character login, and 8-10 character password. This is for logging into a secure site on the internet.

They may as well not use a password at all then. Using a script to do this would require the script to contain the users ID and password for the website, which would be in plain text. Not only that, you would either have to train the users on how to modify the script so it would have their user ID and password in it, or you'd have to get it from them so you could set it up yourself.

Using the "Remember my password" feature found in most modern web browsers, as JDMurray suggested, isn't anymore secure. IE at least encrypts the passwords it stores, but there's a free program called "IE PassView" that easily decrypts it and will show anyone all your saved account info. FireFox lets anyone see your saved passwords from it's own option menu! This method would also require some user training.

You should point out the huge security risk to whoever requested this. Is it really worth saving a few seconds?

cisco_trooper

Either LDAP integrate the site or remove the password altogether. It seems the powers that be are missing the point of passwords and are instead seeing it as just an obstacle to overcome. Bad move. Its only a matter of time before something bad happens.

Devilsbane

Security by obscurity isn't really secure.

What kind of information is on this "secure" website?