Welcome to WebmasterWorld Guest from 54.160.177.33

Forum Moderators: incrediBILL & martinibuster

Message Too Old, No Replies

1-Click Login to AdSense

Login fast with a special link...

     
2:37 pm on Aug 20, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 28, 2003
posts:37
votes: 0


Hello all,

This is useful for (nearly) all Adsense users:

Logging in to AdSense can be done with 1 click....

For those who didn't know already - this is done using a link which contains your username and password, like:
https://www.google.com/adsense/login.do?username=[E-MAIL]&password=[PASSWORD]
replace the [e-mail] and [password] with your own details!

If you like to go to the payments reports page directly (instead of the main page) add this to the above link: "&destination=reports-payment", or for the ad settings page: "&destination=code"

Now, easiest way is to create a shortcut to this link on your desktop and name it "AdSense"; open Internet Explorer (be sure the links bar is displayed!) and minimize it; then draw the shortcut to Internet Explorer (minimized on the taskbar) and to the links bar in IE. Stop pressing the mouse and a new button named "AdSense" should be in your links bar!
You can also just bookmark any webpage, then rightclick on this bookmark and change the link target (and name) to the aforementioned link. (draw it from your favorites list to the links bar for quicker access!)

- Note 1: Do not use this on a public computer if you do not want others to be able to find your login details.
- Note 2: Although it's a HTTPS link, your details are still sent across the Internet this way, which has certain risks. (for the safest login always use the AS login form)
- Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)
- Note 4: All of this applies to many other sites as well, eg. hotmail, msn zone and other sites with login.

Anyway, I loved this and thought I'd share it with y'all. :)

Any comments appreciated, as well as other (better?) ways!

Best regards, Arno

3:51 pm on Aug 20, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 21, 2004
posts:67
votes: 0


Thanks for sharing this! I'm going to give it a try.
4:54 pm on Aug 20, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 8, 2004
posts:131
votes: 0


Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)

-- can you give us a direct example (minus username/password) of this javascript?

5:33 pm on Aug 20, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Aug 14, 2004
posts:44
votes: 0


Or you can use Opera's and the Wand to save all your passwords and login with a single click ;)
6:18 pm on Aug 20, 2004 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 14, 2003
posts:4249
votes: 16


That is pretty insecure. A get is not encrypted.
6:47 pm on Aug 20, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 28, 2003
posts:37
votes: 0


Yes, ogletree, that's what I said. :)

Here's the safer version that I mentioned; save this as a .html page on your disk and bookmark that like described above:

<html><body>
<form name="form1" method="post" action="https://www.google.com/adsense/login.do">
<input type="hidden" name="username" value="...">
<input type="hidden" name="password" value="...">
<input type="hidden" name="destination" value="">
</form>
<script>document.form1.submit();</script>
</body></html>

Or, if you like to go directly to a specific AS page, remove the JavaScript line and add the following between the form tags:

<select name="destination" onChange="document.form1.submit();">
<option value="" selected></option>
<option value="reports-aggregate">REPORTS</option>
<option value="reports-payment">PAYMENTS</option>
<option value="ad-filter">URL FILTER</option>
<option value="code">AD SETTINGS</option>
</select>
12:44 pm on Aug 21, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 28, 2003
posts:37
votes: 0


That JavaScript version is definitely safer, and works just as well. I recommend using that one (see previous post).

Btw, all possible values for the "destination" variable can obviously be found in the URL when you visit AdSense:
[google.com...]

3:12 pm on Aug 21, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Mar 5, 2004
posts:215
votes: 0


"That is pretty insecure. A get is not encrypted."

All traffic send and received is encrypted so it's secure. However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.

4:10 pm on Aug 21, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:July 14, 2003
posts:581
votes: 0


Bluepixel wrote:
However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.

Depends on your level of paranoia and how risk adverse you are. ;-) The publisher passwords are most likely stored one-way encrypted, meaning there wouldn't be plain text passwords visible to employees and would require a brute force attack, a big hole in the authentication code or something like a system intrustion to get access to passwords as authentication took place.

The logs are also likely accessible by a large number of employees, lower on the food chain, and under less scrutiny than the database containing publisher passwords.

And there could be many physical copies of parts of the logs and the risk of log data becoming publicly accessible, either inadvertently or due to a malicious act, is probably greater than the same happening to the passwords.

Using the GET method to include sensitive information in a query string when the POST method is available is something I'd personally avoid. Just my 2 cents.

12:28 pm on Aug 22, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 28, 2003
posts:37
votes: 0


Using the GET method is obviously insecure - no doubt about that. For sensitive info I would not recommend it no, so it then depends on how valuable your AdSense account is to you... :)

Anyway, with a GET many people could see your password, as your info is passed exactly in the requested URL query string, through many webservers worldwide (you don't connect directly to Google's servers).. so some people can either view the logs or monitor for sensitive information in real time (hackers). Also there are several toolbars (and spyware) that log all requested URLs and save that info in logs and databases, so someone with bad intentions could easily log into your account.. simply by using the URL that you visited.
Not all people have bad intentions, and there is only a small chance someone will use your account info - and besides you can contact Google and regain access to your account, but it's still a risk.

So again: see the javascript example above - I recommend using that method instead!

12:38 pm on Aug 23, 2004 (gmt 0)

New User

10+ Year Member

joined:Jan 9, 2003
posts:36
votes: 0


Wouldn't it be easier to use Opera instead?
6:36 pm on Aug 23, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 28, 2003
posts:37
votes: 0


I hate Opera! ;) Keep in mind most people use IE *only*.
Besides it might be unsafer (Opera: hackers?)
4:51 pm on Aug 25, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 20, 2004
posts:142
votes: 0


About using the GET, be careful if you access the internet through a proxy; some proxies keep logs of HTTPS requests.
5:34 pm on Aug 25, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 18, 2003
posts:827
votes: 0


An HTTPS GET is no less secure to transmit than the POST. SSL/TLS is initialized *before* sending the HTTP request, not after.

Proxies cannot proxy HTTPS traffic, since it uses end-to-end encryption.

Please read your HTTP and HTTPS RFCs.

(The security of the logs is not guaranteed, RFC 2616 Section 15.1.1.)

6:37 pm on Aug 25, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 12, 2004
posts:1355
votes: 0


You're missing the most insecure part.... If you have a toolbar installed (Alexa, Google, Yahoo, MSN, etc.) your toolbar is most likely transmitting the URL used for a GET unecrypted back to their servers. About a year ago I set up something similar just for ease of use on one of my own sites. After a few days I noticed the ia_archiver from Alexa visiting the URL, with the username and password intact.

Additionally, the most common data collected by spyware is surfing habits, meaning the URL's that you visit. If your AdSense username and password are in the URL, then that is part of what is recorded. Eeek!

I can't imagine advising to do this, especially if financial information is at stake.

6:44 pm on Aug 25, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 28, 2003
posts:37
votes: 0


Yes, drbrain, you're the expert there. I don't know everything about GET, POST, etc..
What I mean is that with a GET request all the (sensitive) information is visible in the URL, while it is not with POST (eg. in logs and in live traffic monitoring).

I don't really know how the POST works and how safe that really is - I will search for that to find out more on another WW forum. :)

dataguy, you're totally right.
To everyone once again: use the (much safer) Javascript version that I posted earlier in this thread, or if using Opera use the Wand (whatever that is).

[edited by: Mr_PHP at 6:48 pm (utc) on Aug. 25, 2004]

6:48 pm on Aug 25, 2004 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 14, 2003
posts:4249
votes: 16


I use Fire Fox I don't have any weird stuff installed on that.
11:44 pm on Aug 25, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 20, 2004
posts:142
votes: 0


SSL/TLS is initialized *before* sending the HTTP request, not after.

Right you are, sorry 'bout that... Shouldn't post without thinking.... :S

2:49 am on Aug 27, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 22, 2003
posts:55
votes: 0


I have several Ad companies to log in to.
Here is a cute little Java code that does the trick for me.
Make .HTML page on hard drive with several buttons to other sites and they will open in a pop-up window.
Does anyone see any security concerns with this script?

<html>
<head>
<title>Stats Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript">
<!--

function Openme(newin) {
flyout=window.open(newin,"flyout","resizable=yes,scrollbars=yes,width=600,height=800,top=30,left=30")

}

// -->
</script>
</head>


<form action="https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword">
<input type="button" name="Submit2" value="Google " onClick="Openme('https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword')" />
</form>

</body>
</html>

10:51 am on Aug 27, 2004 (gmt 0)

New User

10+ Year Member

joined:Dec 28, 2003
posts:37
votes: 0


golocal, this is just the same as discussed before.
The URL contains your login details, see previous posts...
10:59 am on Aug 27, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Mar 5, 2004
posts:215
votes: 0


How do you know the toolbars don't log parameters submitted with POST?
11:16 am on Aug 27, 2004 (gmt 0)

Senior Member from MT 

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 1, 2003
posts:1843
votes: 0


Just as an aside, my own logs always log POST info as well. There is no reason why another site might not log POST details as well.

SN