We are planning to externalise our portal.
But the issue we are facing is that, when we directly enter the user and password in the URL, we are able to log in to the portal.
After entering the above URL we are able to enter the portal.
In order to keep our portal secure we need to deny such kind of login.
Please help with how to cope with this issue.
Thanks and Regards,
Are you planning to use a reverse proxy or Web Dispatcher in front of the portal? This may give you some options to restrict URLs.
However, I'm not sure what you are trying to prevent. If you use HTTPS to ensure passwords are not sent in clear text across the network, the only difference between the HTTP GET and POST requests is that the GET will appear in the browser address bar/history. However, I would be very surprised if average users would know to add the j_user & password URL parameters, and technical users would know not to do this.
Thanks for your reply.
Yes, we are using Web Dispatcher for this.
Our security team has found this problem to be a vulnerability, even though we know that an average user doesn't know how to log in using j_user and j_password.
In order to release our portal on the internet we have to remediate this issue ASAP.
Thanks and Regards.
URL filtering can be implemented using web dispatcher. Please refer to the below help:
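
As an added illustration (not part of any reply above, and not Web Dispatcher configuration syntax): the decision a URL filter has to make for this case, plus an access-log audit that finds requests which carried j_user or j_password in the query string and redacts the values. The log lines, the `/portal` path and all function names are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names taken from the thread; case-insensitive matching is an assumption.
CREDENTIAL_PARAMS = {"j_user", "j_password"}

# Constructed access-log lines (common log format), not from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /portal HTTP/1.1" 200 5120',
    '10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /portal?j_user=demo&j_password=Example123 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /portal?J%5Fpassword=Example123&x=1 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Jan/2024:10:00:12 +0000] "POST /portal HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def credential_params(target):
    """Return the credential parameter names found in the query string."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so j%5Fpassword is caught as well.
    names = {name.lower() for name, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & CREDENTIAL_PARAMS)


def should_reject(target):
    """Filter decision: refuse any request that puts credentials in the URL."""
    return bool(credential_params(target))


def redact(target):
    """Replace credential values so the finding can be shared safely."""
    parts = urlsplit(target)
    pairs = [(n, "REDACTED" if n.lower() in CREDENTIAL_PARAMS else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs)).geturl()


def audit(lines):
    """Return (client, method, redacted target) for every offending log line."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and should_reject(match["target"]):
            findings.append((line.split()[0], match["method"], redact(match["target"])))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Accounts whose passwords show up in such an audit should have those passwords changed, since the values are already stored in the log files.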