Progress
on the Web


The Dangers of Embedding User IDs and Passwords in URLs

Each Internet-based server or AppServer a WebClient application wants to access has a URL, which you specify to WebClient at application-definition time using the Application Assembler. If the Web server or Appserver requires a user ID or password, you can embed the authentication information in the URL. But doing so weakens security, since it might reveal user IDs and passwords to unauthorized personnel.

NOTE: PSC recommends that user IDs and passwords not be embedded in server URLs.


Copyright © 2004 Progress Software Corporation
www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095