Release 10.1A: OpenEdge Deployment:
WebClient Applications

The dangers of embedding user IDs and passwords in URLs

Each Internet-based server or AppServer a WebClient application wants to access has a URL, which you specify to WebClient when you define the application with the Application Assembler. If the Web server or AppServer requires a user ID or password, you can embed the authentication information in the URL. However, doing so weakens security since it might reveal user IDs and passwords to unauthorized personnel.

Note: Progress Software Corporation recommends user IDs and passwords not be embedded in server URLs.