# Web Application Password Injection

In some circumstances you wish to have strong per-user authentication via the Agilicus AnyX firewall, but, wish the users to be mapped to a weak internal user on a web page. And, you may wish to do this in such a way the end user cannot know this password.

This is often called 'password stuffing' or 'password injection'.

Examples would include automatically logging in to VTScada.

To enable this setting while configuring a new web application,

![Password Injection Vulnerability: Web application security flaw where attackers bypass authentication by directly injecting passwords into the login process. Learn how to protect your web applications from password injection attacks with AnyX. Image shows a typical login form with username and password fields.](https://www.agilicus.com/www/46abf655-image-1024x650.png)    To make this change on an already configured application, use the 'Resources/Applications/Overview', click on the application to change, and select the security tab.

![Password Injection Protection with AnyX: Secure your web applications by preventing password exposure. AnyX gateway dynamically injects passwords, safeguarding them from appearing in web application code or logs. This enhances security and simplifies password management for web applications. The diagram illustrates AnyX as a secure gateway, intercepting user requests, injecting credentials, and forwarding the authenticated request to the web application, ensuring sensitive data remains protected.](https://www.agilicus.com/www/f1accb67-image-1024x650.png)