NetTalk Central

Author Topic: Web Login via QR code?  (Read 4334 times)

kboller

  • Newbie
  • *
  • Posts: 24
    • View Profile
    • Email
Web Login via QR code?
« on: April 29, 2016, 08:01:14 AM »
   I'm trying to find a way to make logins easier for users with mobile devices.  Is it possible to embed a http post command in a QR code so embedded user/password information could be read and sent to the app server as a way to authenticate/login as opposed to manually entering a user name/password?  If you feel this is a bad idea feel free to tell me why.   :)

Thanks,

Kurt

Sibuya

  • Jr. Member
  • **
  • Posts: 65
    • View Profile
    • Email
Re: Web Login via QR code?
« Reply #1 on: April 29, 2016, 12:38:09 PM »
Hi Kurt,

I don't know if it works in mobile but you can encode TAB and ENTER commands inside QR Code to try to "emulate" typing. So your application remains the same.

Cheers,

Marcos

Matthew51

  • Full Member
  • ***
  • Posts: 152
    • View Profile
    • Email
Re: Web Login via QR code?
« Reply #2 on: April 29, 2016, 02:40:15 PM »
I don't know much about QR codes, but from what I know this would be one of the best solutions:

You embed a login token in the QR code's url, ie: https://www.KurtSite.com/QRLogin?LoginToken=[Big number]

You can read in this number using p_web.GetValue('LoginToken')

You would need a LoginToken as a column in your login table, with a unique key so you can look up who is logging in and handle your login login as normal.

This method protects the user name and password.  Though anyone with a QR reader could learn the login token.  Any method chosen would have this problem.

Matthew
Contractor with 10+ years of NetTalk experience looking for work.
www.linkedin.com/in/matthew-leavitt
BisWare.ca
Check out my free EasyTime Template

kboller

  • Newbie
  • *
  • Posts: 24
    • View Profile
    • Email
Re: Web Login via QR code?
« Reply #3 on: April 29, 2016, 05:49:06 PM »
Thanks for the ideas.  Matthew's sounds good.  I'm thinking of having the user have an id card with a login QR code they can scan to "login".  Then they can continue to access the database with record specific QR codes. I was hoping to be able to send a HTTP post via a QR scan to protect the data but if that's not possible then Matthew's idea might be second best.

Thanks,

Kurt