From: Oliver W. <ma...@ol...> - 2004-08-30 07:03:57
|
Hi Damon, I havent tried it, but do you use InternetExplorer ? If so, I guess this is anonther damned caching problem ob this buggy piece of software... Oliver Damon Smith wrote: > Hi all, I just submitted a bug; Using x509 login, if I logout, it takes > me back to the login challenge screen, but if I then click "back" in the > browser, and then click "reload" in the browser, I have full access to > the site again. > > So if I clicked logout and happily left my terminal, A black hat could > jump onto my terminal, click back, click reload, and approve all the > requests he or she pleased. > > I don't know if it works for password login as well, but people > shouldn't rely on the logout function. The only way to make sure you're > properly logged out is to shut down all browsers. > > > > ------------------------------------------------------- > This SF.Net email is sponsored by BEA Weblogic Workshop > FREE Java Enterprise J2EE developer tools! > Get your free copy of BEA WebLogic Workshop 8.1 today. > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > _______________________________________________ > Openca-Users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openca-users -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 |