Sitesucker how to pass credentials password#
While sites sometimes put SSL on the login page, they often didn’t bother for other parts of the site (relying on time-limited session cookies instead), so sending a username and password to a random URL was quite risky.
Sitesucker how to pass credentials how to#
If we really do want to give them access, the problem becomes how to securely pass along some credentials with the URL so that they can access the page we have linked.Ī commonly desired approach to this problem is to encode the credentials into the URL itself. Sometimes they do, and everything is fine, but often they do not. But what happens when the page you want to link is not public and requires credentials in order to view or interact with it? Suddenly a URL is no longer sufficient, unless the recipient happens to already have credentials. Google crawls the web, discovering and indexing such links. People copy and paste URLs into Slack or WhatsApp to share interesting links. URLs are a cornerstone of the web, and are the basic means by which content and resources are shared and disseminated. You may also like my proposal: Towards a standard for bearer token URLs. Update: an updated version of the ideas in this blog post appears in chapter 9 of my book.