It is well-known that URLs are not only stored in the local browser's history and the server's access log, but also submitted to many search engines via toolbar addons. They're just not private.

This means that any solution that operates on a pure URL authentication is inherently vulnerable. But at least one improvement could be made here: Rather than exposing the clear password in the URL, you should generate a hash ID (similar to a session ID or an MD5 hash), store it and put that in the URL.

This hash could then be set to expire regularly, or be manually reset when compromised. Attackers can still gain access while the hash is working, but they don't have an indefinite time to do so, and they can't learn your password for use on other sites.

Comments

kwinters’s picture

In addition to this obfuscation, I wholly recommending moving the authentication information from the URL to a cookie. At least then you don't have to worry about someone accidentally pasting a link which allows full user access.

kwinters’s picture

Status: Active » Closed (fixed)

Project discontinued, see project page.