homepage Welcome to WebmasterWorld Guest from 54.166.228.100
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

    
1-Click Login to AdSense
Login fast with a special link...
Mr_PHP




msg:1460065
 2:37 pm on Aug 20, 2004 (gmt 0)

Hello all,

This is useful for (nearly) all Adsense users:

Logging in to AdSense can be done with 1 click....

For those who didn't know already - this is done using a link which contains your username and password, like:
https://www.google.com/adsense/login.do?username=[E-MAIL]&password=[PASSWORD]
replace the [e-mail] and [password] with your own details!

If you like to go to the payments reports page directly (instead of the main page) add this to the above link: "&destination=reports-payment", or for the ad settings page: "&destination=code"

Now, easiest way is to create a shortcut to this link on your desktop and name it "AdSense"; open Internet Explorer (be sure the links bar is displayed!) and minimize it; then draw the shortcut to Internet Explorer (minimized on the taskbar) and to the links bar in IE. Stop pressing the mouse and a new button named "AdSense" should be in your links bar!
You can also just bookmark any webpage, then rightclick on this bookmark and change the link target (and name) to the aforementioned link. (draw it from your favorites list to the links bar for quicker access!)

- Note 1: Do not use this on a public computer if you do not want others to be able to find your login details.
- Note 2: Although it's a HTTPS link, your details are still sent across the Internet this way, which has certain risks. (for the safest login always use the AS login form)
- Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)
- Note 4: All of this applies to many other sites as well, eg. hotmail, msn zone and other sites with login.

Anyway, I loved this and thought I'd share it with y'all. :)

Any comments appreciated, as well as other (better?) ways!

Best regards, Arno

 

spharalsia




msg:1460066
 3:51 pm on Aug 20, 2004 (gmt 0)

Thanks for sharing this! I'm going to give it a try.

TonysDesigns




msg:1460067
 4:54 pm on Aug 20, 2004 (gmt 0)

Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)

-- can you give us a direct example (minus username/password) of this javascript?

eduardomaio




msg:1460068
 5:33 pm on Aug 20, 2004 (gmt 0)

Or you can use Opera's and the Wand to save all your passwords and login with a single click ;)

ogletree




msg:1460069
 6:18 pm on Aug 20, 2004 (gmt 0)

That is pretty insecure. A get is not encrypted.

Mr_PHP




msg:1460070
 6:47 pm on Aug 20, 2004 (gmt 0)

Yes, ogletree, that's what I said. :)

Here's the safer version that I mentioned; save this as a .html page on your disk and bookmark that like described above:

<html><body>
<form name="form1" method="post" action="https://www.google.com/adsense/login.do">
<input type="hidden" name="username" value="...">
<input type="hidden" name="password" value="...">
<input type="hidden" name="destination" value="">
</form>
<script>document.form1.submit();</script>
</body></html>

Or, if you like to go directly to a specific AS page, remove the JavaScript line and add the following between the form tags:

<select name="destination" onChange="document.form1.submit();">
<option value="" selected></option>
<option value="reports-aggregate">REPORTS</option>
<option value="reports-payment">PAYMENTS</option>
<option value="ad-filter">URL FILTER</option>
<option value="code">AD SETTINGS</option>
</select>

Mr_PHP




msg:1460071
 12:44 pm on Aug 21, 2004 (gmt 0)

That JavaScript version is definitely safer, and works just as well. I recommend using that one (see previous post).

Btw, all possible values for the "destination" variable can obviously be found in the URL when you visit AdSense:
https://www.google.com/adsense/<destination>

Bluepixel




msg:1460072
 3:12 pm on Aug 21, 2004 (gmt 0)

"That is pretty insecure. A get is not encrypted."

All traffic send and received is encrypted so it's secure. However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.

richmondsteve




msg:1460073
 4:10 pm on Aug 21, 2004 (gmt 0)

Bluepixel wrote:
However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.

Depends on your level of paranoia and how risk adverse you are. ;-) The publisher passwords are most likely stored one-way encrypted, meaning there wouldn't be plain text passwords visible to employees and would require a brute force attack, a big hole in the authentication code or something like a system intrustion to get access to passwords as authentication took place.

The logs are also likely accessible by a large number of employees, lower on the food chain, and under less scrutiny than the database containing publisher passwords.

And there could be many physical copies of parts of the logs and the risk of log data becoming publicly accessible, either inadvertently or due to a malicious act, is probably greater than the same happening to the passwords.

Using the GET method to include sensitive information in a query string when the POST method is available is something I'd personally avoid. Just my 2 cents.

Mr_PHP




msg:1460074
 12:28 pm on Aug 22, 2004 (gmt 0)

Using the GET method is obviously insecure - no doubt about that. For sensitive info I would not recommend it no, so it then depends on how valuable your AdSense account is to you... :)

Anyway, with a GET many people could see your password, as your info is passed exactly in the requested URL query string, through many webservers worldwide (you don't connect directly to Google's servers).. so some people can either view the logs or monitor for sensitive information in real time (hackers). Also there are several toolbars (and spyware) that log all requested URLs and save that info in logs and databases, so someone with bad intentions could easily log into your account.. simply by using the URL that you visited.
Not all people have bad intentions, and there is only a small chance someone will use your account info - and besides you can contact Google and regain access to your account, but it's still a risk.

So again: see the javascript example above - I recommend using that method instead!

marttali




msg:1460075
 12:38 pm on Aug 23, 2004 (gmt 0)

Wouldn't it be easier to use Opera instead?

Mr_PHP




msg:1460076
 6:36 pm on Aug 23, 2004 (gmt 0)

I hate Opera! ;) Keep in mind most people use IE *only*.
Besides it might be unsafer (Opera: hackers?)

robsynnott




msg:1460077
 4:51 pm on Aug 25, 2004 (gmt 0)

About using the GET, be careful if you access the internet through a proxy; some proxies keep logs of HTTPS requests.

drbrain




msg:1460078
 5:34 pm on Aug 25, 2004 (gmt 0)

An HTTPS GET is no less secure to transmit than the POST. SSL/TLS is initialized *before* sending the HTTP request, not after.

Proxies cannot proxy HTTPS traffic, since it uses end-to-end encryption.

Please read your HTTP and HTTPS RFCs.

(The security of the logs is not guaranteed, RFC 2616 Section 15.1.1.)

dataguy




msg:1460079
 6:37 pm on Aug 25, 2004 (gmt 0)

You're missing the most insecure part.... If you have a toolbar installed (Alexa, Google, Yahoo, MSN, etc.) your toolbar is most likely transmitting the URL used for a GET unecrypted back to their servers. About a year ago I set up something similar just for ease of use on one of my own sites. After a few days I noticed the ia_archiver from Alexa visiting the URL, with the username and password intact.

Additionally, the most common data collected by spyware is surfing habits, meaning the URL's that you visit. If your AdSense username and password are in the URL, then that is part of what is recorded. Eeek!

I can't imagine advising to do this, especially if financial information is at stake.

Mr_PHP




msg:1460080
 6:44 pm on Aug 25, 2004 (gmt 0)

Yes, drbrain, you're the expert there. I don't know everything about GET, POST, etc..
What I mean is that with a GET request all the (sensitive) information is visible in the URL, while it is not with POST (eg. in logs and in live traffic monitoring).

I don't really know how the POST works and how safe that really is - I will search for that to find out more on another WW forum. :)

dataguy, you're totally right.
To everyone once again: use the (much safer) Javascript version that I posted earlier in this thread, or if using Opera use the Wand (whatever that is).

[edited by: Mr_PHP at 6:48 pm (utc) on Aug. 25, 2004]

ogletree




msg:1460081
 6:48 pm on Aug 25, 2004 (gmt 0)

I use Fire Fox I don't have any weird stuff installed on that.

robsynnott




msg:1460082
 11:44 pm on Aug 25, 2004 (gmt 0)

SSL/TLS is initialized *before* sending the HTTP request, not after.

Right you are, sorry 'bout that... Shouldn't post without thinking.... :S

golocal




msg:1460083
 2:49 am on Aug 27, 2004 (gmt 0)

I have several Ad companies to log in to.
Here is a cute little Java code that does the trick for me.
Make .HTML page on hard drive with several buttons to other sites and they will open in a pop-up window.
Does anyone see any security concerns with this script?

<html>
<head>
<title>Stats Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript">
<!--

function Openme(newin) {
flyout=window.open(newin,"flyout","resizable=yes,scrollbars=yes,width=600,height=800,top=30,left=30")

}

// -->
</script>
</head>


<form action="https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword">
<input type="button" name="Submit2" value="Google " onClick="Openme('https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword')" />
</form>

</body>
</html>

Mr_PHP




msg:1460084
 10:51 am on Aug 27, 2004 (gmt 0)

golocal, this is just the same as discussed before.
The URL contains your login details, see previous posts...

Bluepixel




msg:1460085
 10:59 am on Aug 27, 2004 (gmt 0)

How do you know the toolbars don't log parameters submitted with POST?

killroy




msg:1460086
 11:16 am on Aug 27, 2004 (gmt 0)

Just as an aside, my own logs always log POST info as well. There is no reason why another site might not log POST details as well.

SN

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved