|
|
Web Application Security
Is logoff feature necessary May 02 2006 07:41AM test future gmail com (14 replies) Re: Is logoff feature necessary May 02 2006 08:06PM Robert Hajime Lanning (robert lanning gmail com) RE: Is logoff feature necessary May 02 2006 12:40PM Rod Divilbiss (rod rodsdot com) (1 replies) RE: Is logoff feature necessary May 03 2006 10:59AM Auri Rahimzadeh (auri auri net) (2 replies) Administrivia: Is logoff feature necessary May 03 2006 12:53PM Andrew van der Stock (vanderaj greebo net) Re: Is logoff feature necessary May 02 2006 09:32AM Luciano Miguel Ferreira Rocha (strange nsk no-ip org) |
|
Privacy Statement |
Some of the many issues would be as follows:
1. What if the user forgets to close the window? -> Then the session would
be kept alive
2. If there is no 'Logout' then the data is always visible when the browser
is kept alive.
3. Suppose another instance of the same browser is created? Then the session
is kept alive till all the browsers are closed.
If logout button was not necessary then I would say that definitely mail
sites such as Hotmail, Yahoo, Gmail would not have it. They could also
follow with the process of browser closure. But that is not the case !!!!
All in all . A logout button has to be there .
And the best recommendation for a high profile application would be auto
closure of the browser when logout is issued.
Regards,
Deepu Thomas Philip
PALADION NETWORKS
--
Website : http://www.paladion.net
Magazine: http://palisade.paladion.net/
--
Disclaimer:
This e-mail message may contain confidential or proprietary information. Do
not use it if you are not the original intended recipient. As e-mail may be
altered electronically, Paladion Networks cannot guarantee the integrity of
this communication. Before opening any attachments please recheck them for
viruses and defects.
-----Original Message-----
From: test.future (at) gmail (dot) com [email concealed] [mailto:test.future (at) gmail (dot) com [email concealed]]
Sent: Tuesday, May 02, 2006 1:11 PM
To: webappsec (at) securityfocus (dot) com [email concealed]
Subject: Is logoff feature necessary
We have a web applicaiton which do not have logoff button. The developer
claims that it is unnecessary, since the session can be terminated by
closing the browser. Is it correct? Thanks.
------------------------------------------------------------------------
-
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
------------------------------------------------------------------------
--
------------------------------------------------------------------------
-
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
------------------------------------------------------------------------
--
[ reply ]