Forum Moderators: martinibuster
This is useful for (nearly) all Adsense users:
Logging in to AdSense can be done with 1 click....
For those who didn't know already - this is done using a link which contains your username and password, like:
https://www.google.com/adsense/login.do?username=[E-MAIL]&password=[PASSWORD]
replace the [e-mail] and [password] with your own details!
If you like to go to the payments reports page directly (instead of the main page) add this to the above link: "&destination=reports-payment", or for the ad settings page: "&destination=code"
Now, easiest way is to create a shortcut to this link on your desktop and name it "AdSense"; open Internet Explorer (be sure the links bar is displayed!) and minimize it; then draw the shortcut to Internet Explorer (minimized on the taskbar) and to the links bar in IE. Stop pressing the mouse and a new button named "AdSense" should be in your links bar!
You can also just bookmark any webpage, then rightclick on this bookmark and change the link target (and name) to the aforementioned link. (draw it from your favorites list to the links bar for quicker access!)
- Note 1: Do not use this on a public computer if you do not want others to be able to find your login details.
- Note 2: Although it's a HTTPS link, your details are still sent across the Internet this way, which has certain risks. (for the safest login always use the AS login form)
- Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)
- Note 4: All of this applies to many other sites as well, eg. hotmail, msn zone and other sites with login.
Anyway, I loved this and thought I'd share it with y'all. :)
Any comments appreciated, as well as other (better?) ways!
Best regards, Arno
Note 3: For increased safety, you can create a local HTML page with a form with pre-entered parameters like above and use a JS script to submit the form to the Google URL directly (using "POST") (<script>document.formname.submit();</script>). This is the page to link to using the button in your browser - still a 1-click login! (or open the page directly)
-- can you give us a direct example (minus username/password) of this javascript?
Here's the safer version that I mentioned; save this as a .html page on your disk and bookmark that like described above:
<html><body>
<form name="form1" method="post" action="https://www.google.com/adsense/login.do">
<input type="hidden" name="username" value="...">
<input type="hidden" name="password" value="...">
<input type="hidden" name="destination" value="">
</form>
<script>document.form1.submit();</script>
</body></html>
Or, if you like to go directly to a specific AS page, remove the JavaScript line and add the following between the form tags:
<select name="destination" onChange="document.form1.submit();">
<option value="" selected></option>
<option value="reports-aggregate">REPORTS</option>
<option value="reports-payment">PAYMENTS</option>
<option value="ad-filter">URL FILTER</option>
<option value="code">AD SETTINGS</option>
</select>
Btw, all possible values for the "destination" variable can obviously be found in the URL when you visit AdSense:
[google.com...]
All traffic send and received is encrypted so it's secure. However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.
However, if you use get, the parameters are normally logged by the web server. But as googles knows your password anyway, this shouldn't matter much.
Depends on your level of paranoia and how risk adverse you are. ;-) The publisher passwords are most likely stored one-way encrypted, meaning there wouldn't be plain text passwords visible to employees and would require a brute force attack, a big hole in the authentication code or something like a system intrustion to get access to passwords as authentication took place.
The logs are also likely accessible by a large number of employees, lower on the food chain, and under less scrutiny than the database containing publisher passwords.
And there could be many physical copies of parts of the logs and the risk of log data becoming publicly accessible, either inadvertently or due to a malicious act, is probably greater than the same happening to the passwords.
Using the GET method to include sensitive information in a query string when the POST method is available is something I'd personally avoid. Just my 2 cents.
Anyway, with a GET many people could see your password, as your info is passed exactly in the requested URL query string, through many webservers worldwide (you don't connect directly to Google's servers).. so some people can either view the logs or monitor for sensitive information in real time (hackers). Also there are several toolbars (and spyware) that log all requested URLs and save that info in logs and databases, so someone with bad intentions could easily log into your account.. simply by using the URL that you visited.
Not all people have bad intentions, and there is only a small chance someone will use your account info - and besides you can contact Google and regain access to your account, but it's still a risk.
So again: see the javascript example above - I recommend using that method instead!
Proxies cannot proxy HTTPS traffic, since it uses end-to-end encryption.
Please read your HTTP and HTTPS RFCs.
(The security of the logs is not guaranteed, RFC 2616 Section 15.1.1.)
Additionally, the most common data collected by spyware is surfing habits, meaning the URL's that you visit. If your AdSense username and password are in the URL, then that is part of what is recorded. Eeek!
I can't imagine advising to do this, especially if financial information is at stake.
I don't really know how the POST works and how safe that really is - I will search for that to find out more on another WW forum. :)
dataguy, you're totally right.
To everyone once again: use the (much safer) Javascript version that I posted earlier in this thread, or if using Opera use the Wand (whatever that is).
[edited by: Mr_PHP at 6:48 pm (utc) on Aug. 25, 2004]
SSL/TLS is initialized *before* sending the HTTP request, not after.
Right you are, sorry 'bout that... Shouldn't post without thinking.... :S
<html>
<head>
<title>Stats Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript">
<!--
function Openme(newin) {
flyout=window.open(newin,"flyout","resizable=yes,scrollbars=yes,width=600,height=800,top=30,left=30")
}
// -->
</script>
</head>
<form action="https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword">
<input type="button" name="Submit2" value="Google " onClick="Openme('https://www.google.com/adsense/login.do?username=yourname@google.net&password=yourpassword')" />
</form>
</body>
</html>
SN
