Welcome to WebmasterWorld Guest from 54.197.94.141

Forum Moderators: incrediBILL & martinibuster

Message Too Old, No Replies

1-Click Login to AdSense

Login fast with a special link...

   
2:37 pm on Aug 20, 2004 (gmt 0)

10+ Year Member



Hello all,

This is useful for (nearly) all Adsense users:

Logging in to AdSense can be done with 1 click....

For those who didn't know already - this is done using a link which contains your username and password, like:
https://www.google.com/adsense/login.do?username=[E-MAIL]&password=[PASSWORD]
replace the [e-mail] and [password] with your own details!

If you like to go to the payments reports page directly (instead of the main page) add this to the above link: "&destination=reports-payment", or for the ad settings page: "&destination=code"

Now, easiest way is to create a shortcut to this link on your desktop and name it "AdSense"; open Internet Explorer (be sure the links bar is displayed!) and minimize it; then draw the shortcut to Internet Explorer (minimized on the taskbar) and to the links bar in IE. Stop pressing the mouse and a new button named "AdSense" should be in your links bar!
You can also just bookmark any webpage, then rightclick on this bookmark and change the link target (and name) to the aforementioned link. (draw it from your favorites list to the links bar for quicker access!)

- Note 1: Do not use this on a public computer if you do not want others to be able to find your login details.
- Note 2: Although it's a HTTPS link, your details are still sent across the Internet this way, which has certain risks. (for the safest login always use the AS login form)
- Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)
- Note 4: All of this applies to many other sites as well, eg. hotmail, msn zone and other sites with login.

Anyway, I loved this and thought I'd share it with y'all. :)

Any comments appreciated, as well as other (better?) ways!

Best regards, Arno

3:51 pm on Aug 20, 2004 (gmt 0)

10+ Year Member



Thanks for sharing this! I'm going to give it a try.
4:54 pm on Aug 20, 2004 (gmt 0)

10+ Year Member



Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)

-- can you give us a direct example (minus username/password) of this javascript?

5:33 pm on Aug 20, 2004 (gmt 0)

10+ Year Member



Or you can use Opera's and the Wand to save all your passwords and login with a single click ;)
6:18 pm on Aug 20, 2004 (gmt 0)

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member



That is pretty insecure. A get is not encrypted.
6:47 pm on Aug 20, 2004 (gmt 0)

10+ Year Member



Yes, ogletree, that's what I said. :)

Here's the safer version that I mentioned; save this as a .html page on your disk and bookmark that like described above:

<html><body>
<form name="form1" method="post" action="https://www.google.com/adsense/login.do">
<input type="hidden" name="username" value="...">
<input type="hidden" name="password" value="...">
<input type="hidden" name="destination" value="">
</form>
<script>document.form1.submit();</script>
</body></html>

Or, if you like to go directly to a specific AS page, remove the JavaScript line and add the following between the form tags:

<select name="destination" onChange="document.form1.submit();">
<option value="" selected></option>
<option value="reports-aggregate">REPORTS</option>
<option value="reports-payment">PAYMENTS</option>
<option value="ad-filter">URL FILTER</option>
<option value="code">AD SETTINGS</option>
</select>
12:44 pm on Aug 21, 2004 (gmt 0)

10+ Year Member



That JavaScript version is definitely safer, and works just as well. I recommend using that one (see previous post).

Btw, all possible values for the "destination" variable can obviously be found in the URL when you visit AdSense:
[google.com...]

3:12 pm on Aug 21, 2004 (gmt 0)

10+ Year Member



"That is pretty insecure. A get is not encrypted."

All traffic send and received is encrypted so it's secure. However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.

4:10 pm on Aug 21, 2004 (gmt 0)

10+ Year Member



Bluepixel wrote:
However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.

Depends on your level of paranoia and how risk adverse you are. ;-) The publisher passwords are most likely stored one-way encrypted, meaning there wouldn't be plain text passwords visible to employees and would require a brute force attack, a big hole in the authentication code or something like a system intrustion to get access to passwords as authentication took place.

The logs are also likely accessible by a large number of employees, lower on the food chain, and under less scrutiny than the database containing publisher passwords.

And there could be many physical copies of parts of the logs and the risk of log data becoming publicly accessible, either inadvertently or due to a malicious act, is probably greater than the same happening to the passwords.

Using the GET method to include sensitive information in a query string when the POST method is available is something I'd personally avoid. Just my 2 cents.

12:28 pm on Aug 22, 2004 (gmt 0)

10+ Year Member



Using the GET method is obviously insecure - no doubt about that. For sensitive info I would not recommend it no, so it then depends on how valuable your AdSense account is to you... :)

Anyway, with a GET many people could see your password, as your info is passed exactly in the requested URL query string, through many webservers worldwide (you don't connect directly to Google's servers).. so some people can either view the logs or monitor for sensitive information in real time (hackers). Also there are several toolbars (and spyware) that log all requested URLs and save that info in logs and databases, so someone with bad intentions could easily log into your account.. simply by using the URL that you visited.
Not all people have bad intentions, and there is only a small chance someone will use your account info - and besides you can contact Google and regain access to your account, but it's still a risk.

So again: see the javascript example above - I recommend using that method instead!

12:38 pm on Aug 23, 2004 (gmt 0)

10+ Year Member



Wouldn't it be easier to use Opera instead?
6:36 pm on Aug 23, 2004 (gmt 0)

10+ Year Member



I hate Opera! ;) Keep in mind most people use IE *only*.
Besides it might be unsafer (Opera: hackers?)
4:51 pm on Aug 25, 2004 (gmt 0)

10+ Year Member



About using the GET, be careful if you access the internet through a proxy; some proxies keep logs of HTTPS requests.
5:34 pm on Aug 25, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



An HTTPS GET is no less secure to transmit than the POST. SSL/TLS is initialized *before* sending the HTTP request, not after.

Proxies cannot proxy HTTPS traffic, since it uses end-to-end encryption.

Please read your HTTP and HTTPS RFCs.

(The security of the logs is not guaranteed, RFC 2616 Section 15.1.1.)

6:37 pm on Aug 25, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You're missing the most insecure part.... If you have a toolbar installed (Alexa, Google, Yahoo, MSN, etc.) your toolbar is most likely transmitting the URL used for a GET unecrypted back to their servers. About a year ago I set up something similar just for ease of use on one of my own sites. After a few days I noticed the ia_archiver from Alexa visiting the URL, with the username and password intact.

Additionally, the most common data collected by spyware is surfing habits, meaning the URL's that you visit. If your AdSense username and password are in the URL, then that is part of what is recorded. Eeek!

I can't imagine advising to do this, especially if financial information is at stake.

6:44 pm on Aug 25, 2004 (gmt 0)

10+ Year Member



Yes, drbrain, you're the expert there. I don't know everything about GET, POST, etc..
What I mean is that with a GET request all the (sensitive) information is visible in the URL, while it is not with POST (eg. in logs and in live traffic monitoring).

I don't really know how the POST works and how safe that really is - I will search for that to find out more on another WW forum. :)

dataguy, you're totally right.
To everyone once again: use the (much safer) Javascript version that I posted earlier in this thread, or if using Opera use the Wand (whatever that is).

[edited by: Mr_PHP at 6:48 pm (utc) on Aug. 25, 2004]

6:48 pm on Aug 25, 2004 (gmt 0)

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I use Fire Fox I don't have any weird stuff installed on that.
11:44 pm on Aug 25, 2004 (gmt 0)

10+ Year Member



SSL/TLS is initialized *before* sending the HTTP request, not after.

Right you are, sorry 'bout that... Shouldn't post without thinking.... :S

2:49 am on Aug 27, 2004 (gmt 0)

10+ Year Member



I have several Ad companies to log in to.
Here is a cute little Java code that does the trick for me.
Make .HTML page on hard drive with several buttons to other sites and they will open in a pop-up window.
Does anyone see any security concerns with this script?

<html>
<head>
<title>Stats Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript">
<!--

function Openme(newin) {
flyout=window.open(newin,"flyout","resizable=yes,scrollbars=yes,width=600,height=800,top=30,left=30")

}

// -->
</script>
</head>


<form action="https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword">
<input type="button" name="Submit2" value="Google " onClick="Openme('https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword')" />
</form>

</body>
</html>

10:51 am on Aug 27, 2004 (gmt 0)

10+ Year Member



golocal, this is just the same as discussed before.
The URL contains your login details, see previous posts...
10:59 am on Aug 27, 2004 (gmt 0)

10+ Year Member



How do you know the toolbars don't log parameters submitted with POST?
11:16 am on Aug 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Just as an aside, my own logs always log POST info as well. There is no reason why another site might not log POST details as well.

SN