LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Confirmation on ADD requests by List Owner

"Alan S. Dobkin" <[log in to unmask]>

Tue, 9 Jun 1998 23:46:02 -0400

text/plain (43 lines)

--On Tuesday, June 09, 1998, 9:10 PM -0600 Ben Parker <[log in to unmask]>
wrote:

> On Tue, 9 Jun 1998 21:07:19 -0500, Adam Bailey <[log in to unmask]> wrote:
>
>>There's also the common problem of people using a lab computer and then
>>leaving without clearing that information out. Then the next person comes
>>in and starts interacting with the LISTSERV without thinking.
>
> Which is why we recommend you NOT use browser "cookies" unless you are the
> only user of your machine.

This is a problem even without using cookies.  Here is a copy of a message
I sent to L-Soft Support about two weeks ago regarding this problem....

--On Thursday, May 28, 1998, 1:07 AM -0400 "Alan S. Dobkin"
<[log in to unmask]> wrote:

> I've noticed that the LISTSERV web interface expires the authentication
> tickets after a set amount of time, which I think is a good security
> measure, especially if the user leaves their workstation.  However, it
> is very easy to use the browser's back function to bring up the original
> web page that the person used to authenticate and simply click the login
> button, or worse yet, login and save the password as a cookie.
>
> We have a similar web page that we use for authentication to other web-
> based services, and our workaround to this problem was to use the META
> HTTP-EQUIV="Refresh" tag.  This simply reloads the page after a set
> amount of time (we use 120 seconds), which blanks out the form entries.
>
> It would be nice if this tag (or some other workaround) could be added
> into the web interface before 1.8d is officially released.
>
> Thanks,
> Alan
>
> /-------------------------------+---------------------+-----------------\
> | Alan S. Dobkin @ Emory U. ITD | 1784 N. Decatur Rd. | E-Mail Address: |
> |   Operating Systems Analyst   | Suite 300 (3rd Fl.) |     ADobkin     |
> |  Internet/Intranet Services   | Atlanta, GA 30322   |   @Emory.Edu    |
> | http://ADobkin.ITD.Emory.Edu/ |  (404) 727-2766     | FAX #: 727-2599 |
> \-------------------------------+---------------------+-----------------/

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM