Progress
on the Web
The Dangers of Embedding User IDs and Passwords in URLs
Each Internet-based server or AppServer a WebClient application wants to access has a URL, which you specify to WebClient at application-definition time using the Application Assembler. If the Web server or Appserver requires a user ID or password, you can embed the authentication information in the URL. But doing so weakens security, since it might reveal user IDs and passwords to unauthorized personnel.
NOTE: PSC recommends that user IDs and passwords not be embedded in server URLs.
Copyright © 2004 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095 |