使用cookie在桌面应用程序中预填充信息
我有非常具体的问题。
我有一个基于网络的应用程序,它在登录后设置cookie。连接到 Web 界面的桌面应用程序使用相同的登录详细信息。
我的想法是,当用户第一次登录网络应用程序并为他设置 cookie 时,他会下载该应用程序,将其安装在他的电脑上,并以某种方式首次启动它,以获取用户和密码并自动填充桌面应用程序中的登录字段,因此无需再次编写它们。
其中一种方法是将登录名和密码以明文形式保存在 cookie 中,这是非常危险的,然后桌面应用程序从浏览器获取此 cookie(该应用程序是用 c++ 编写的)。
目前我真的不知道如何做到这一点,但如果有办法,我很乐意采纳您的任何建议。
I have very specific problem.
I have web based application which set cookie after login. The same login details are used in desktop application which is connected to the web interface.
My idea was is it possible that when the user logins first in web app and it set cookie for him, then he downloads the application, install it on his PC and start it for first time somehow to get the user and password and auto fill the login fields in desktop application, so it won't be necessary to write them second time.
One of the ways is to save the login and password in a plaintext in cookie, which is very risky and then the desktop app gets this cookie from the browser (the app is written in c++).
I really don't have any clear idea at the moment how this could be done, but if there is a way I will be happy to red any of your suggestions.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我看到的主要问题实际上是获取 cookie。我不知道如何在所有操作系统/操作系统版本、浏览器/浏览器版本上可靠地做到这一点。您可以在包含凭据的下载中包含加密的资源文件。您可以将其放入服务器端下载的存档中。
不登录真的不能下载吗?
编辑:在下载中包含一个一次性令牌,客户端可以使用它获取用户名和密码(通过 SSL,加密,某种程度上安全)看起来是一个不错的选择。
The main issue I see is actually getting to the cookie. I can't see how you'd do that reliably with all the OSes / OS versions, browsers / browser versions out there. You could maybe include an encrypted resource file in the download containing the credentials. You can put that into the downloaded archive on the server side.
Is downloading without a login really not an option?
Edit: including a one-use token in the download, using which the client can fetch the username and password (via SSL, encrypted, somehow safe) looks like a good bet.