« Religious Crackpot Of The Month: October 2007      
      Duracell’s Scientists Did This Years Ago »      
 

On a Failed Venture

October 25th, 2007

I’ve had an idea in my head for a short time now. I thought it’d be good if there was a website that stored all your usernames and passwords for things so that if you were using a different computer (say, in a hotel or a cybercafé or something) then you could just go there, put in one set of login details, and then it’d log you into all the others. So I wrote it, and put it up at logmein.apathysketchpad.com. You give it a URL, by edit-box or bookmarklet, and it extracts all the forms and shows you them. Then you fill in the login one and it remembers what you typed. Next time you come back to logmein it will show you a login button, with no input fields, for each site you’ve added. You can then loginto each one without typing anything. It stores and transmits your passwords unencrypted, pretty well by necessity, but there you go.

Only problem is, it doesn’t work. Not properly, anyway. Works a bit. There were a few problems. First, the URL the login is submitted to. It’s usually given relative to the page, and parsing the source URL to find out what the submission URL will be can be a pain. But that’s a problem I solved. Turns out, though, that some websites fill the login form with all sorts of weird stuff: expiring session IDs, gibberish I couldn’t figure out… I just replicated all hidden fields, and it usually seems to work, although some sites need their gibberish up-to-date and fail. But other websites, like vBulletin forums (like RealVG’s), didn’t accept POST requests from external websites — specifically blocking this kind of site from working. How annoying. (Particularly annoying that it probably does work it you’re running a crappy firewall.)

Feel free to play with it, or even use it, though. Some sites won’t; other sites won’t. I promise I won’t look at the password database. (Really, I ought to encrypt the database a bit — I’d still be able to decrypt it but I’d not see things by accident if I had to do maintenance. But since it doesn’t work, I didn’t bother.) If people think it works well enough I might make it look nice. But as it is I’m happy enough to chalk it up to just a good idea that didn’t work.

Ho hum.

This entry was posted on Thursday, October 25th, 2007 at 21:31 and is filed under Internet, Site News. You can follow any responses to this entry through the RSS 2.0 feed.

[?]
You can leave a response, or trackback from your own site.

2 Responses to “On a Failed Venture”

  1. Gravatar person Says:
    November 1st, 2007 at 18:51

    OpenID does this, and it is secure, but it requires co-operation of the websites
  2. Gravatar Andrew Says:
    November 1st, 2007 at 18:58

    Oh, so it does. I’d rather hoped to make something that didn’t need any website cooperation — more like the “magic wand” in Opera, but web-based. But since that would appear to be impossible in the general case, OpenID looks like the best solution.

Leave a Reply

Search


Blog Pages

Other Pages

Cartoons

Other Sites

Me Elsewhere