(imported topic written by BenKus)
I was recently asked how you might log into web reports without requiring the user go through a logon page. The idea is that if you aren’t concerned about the security of the data in web reports, you can send someone a link with the username/password embedded so they don’t need to go through the logon screen.
Here is how you would do that:
If your username/password is ben/bigfixrulez, you could use a url like this:
http://webreportsurl/webreports?Username=ben&Password=bigfixrulez&page=StoredReport – This will give you the specific page, but won’t allow you to go to other pages (they would require login)
http://webreportsurl/webreports?page=LoggingIn&fwdpage=&Username=ben&Password=bigfixrulez – This will log the user into web reports and show them the overview page (and they will be able to access any web reports page from there).
http://webreportsurl/webreports?Username=ben&Password=bigfixrulez&page=LoggingIn&fwdpage=StoredReport – This will log them in and forward them to a specific page (and they will be able to any web reports page from there).
When you visit web reports urls, you can see other parameters in the url and you build off of the examples I gave you to auto-login or to simply direct to a webpage…
It should hopefully be clear that this completely compromises the security of web reports because anyone who sees the url can easily figure out how to login to web reports… but some people seem not to mind this fact so these are your options…
Ben