Tue, 9 Jun 1998 23:46:02 -0400
|
--On Tuesday, June 09, 1998, 9:10 PM -0600 Ben Parker <[log in to unmask]>
wrote:
> On Tue, 9 Jun 1998 21:07:19 -0500, Adam Bailey <[log in to unmask]> wrote:
>
>>There's also the common problem of people using a lab computer and then
>>leaving without clearing that information out. Then the next person comes
>>in and starts interacting with the LISTSERV without thinking.
>
> Which is why we recommend you NOT use browser "cookies" unless you are the
> only user of your machine.
This is a problem even without using cookies. Here is a copy of a message
I sent to L-Soft Support about two weeks ago regarding this problem....
--On Thursday, May 28, 1998, 1:07 AM -0400 "Alan S. Dobkin"
<[log in to unmask]> wrote:
> I've noticed that the LISTSERV web interface expires the authentication
> tickets after a set amount of time, which I think is a good security
> measure, especially if the user leaves their workstation. However, it
> is very easy to use the browser's back function to bring up the original
> web page that the person used to authenticate and simply click the login
> button, or worse yet, login and save the password as a cookie.
>
> We have a similar web page that we use for authentication to other web-
> based services, and our workaround to this problem was to use the META
> HTTP-EQUIV="Refresh" tag. This simply reloads the page after a set
> amount of time (we use 120 seconds), which blanks out the form entries.
>
> It would be nice if this tag (or some other workaround) could be added
> into the web interface before 1.8d is officially released.
>
> Thanks,
> Alan
>
> /-------------------------------+---------------------+-----------------\
> | Alan S. Dobkin @ Emory U. ITD | 1784 N. Decatur Rd. | E-Mail Address: |
> | Operating Systems Analyst | Suite 300 (3rd Fl.) | ADobkin |
> | Internet/Intranet Services | Atlanta, GA 30322 | @Emory.Edu |
> | http://ADobkin.ITD.Emory.Edu/ | (404) 727-2766 | FAX #: 727-2599 |
> \-------------------------------+---------------------+-----------------/
|
|
|