From: Sergio A. K. <ser...@ho...> - 2002-03-03 18:46:10
I think you don't understand a single bit of what I said,
please re-read my mail...
1) I'm not blaming dieter.
2) it's not about microsoft security bugs.
("it's not a bug, it's a feature, stupid")
3) it's not about windows.
4) it's not about IE
1a) I'm not blaming anyone, I just point to what *I* believe
is a security problem.
2a) I'm not pointing out bugs in microsoft software,
the url completion is a *normal* feature (in many browsers now).
3a) it happens on linux too.
4a) it happens on mozilla too.
please, keep your anti-microsoft propaganda to yourself
and try to be constructive instead of bashing left & right.
/sergio
pd: if you want to continue the flaming, instead of trying
to help, mail me privately, no need to bother other people.
----- Original Message -----
From: "Dr Default" <drd...@ho...>
> Whoever comes to the Whitehouse Computer keyboard can very possibly
> press the button for
> Full Global Nuclear War. That's why they only let chosen (elected) fools
> do that..
> Besides, somehow it seems unfair to me to blame Dieter for Microsoft's
> well spread security bugs.
> Workaround one: disable the 'remember my password' bit in IE and you are
> halfway there..
> Workaround two: disable windows and install linux
>
> -----Original Message-----
> From: sql...@li...
> [mailto:sql...@li...] On Behalf Of
> Sergio A. Kessler
> Sent: zondag 3 maart 2002 1:58
> To: Dieter Simader
> Cc: Kenneth Gonsalves; sql...@li...
> Subject: Re: session management
>
>
> /me knocks my embarrassed head...
>
> ok, anyway, while we are at it: whoever comes to my computer
> can log in my name, as the url (with the encrypted passwd)
> stays in the browser cache...
> (thanks to url completion features in IE, mozilla et al)
>
> I just type "aba" in my browser and it shows me many
> urls to access sql-ledger bypassing the login dialog,
> for example, this:
> http://abacus.sql-ledger.org/sql-ledger/menu.pl?path=bin/mozilla&action=acc_menu&login=sergio&password=
>
> note the passwd IS there (it's just blank), so skipping the login dialog
> is just too easy, it even happened to me accidentally...
>
> and that can be a big security problem in business...
>
> /sergio
>
> ----- Original Message -----
> From: "Dieter Simader" <dsi...@sq...>
>
>
> > There is no session management in SQL-Ledger.
> >
> > If you have session management then you are not using the official
> > version of SQL-Ledger.
> >
> > I suggest you complain to whoever added session management.
> >
> >
> > Dieter Simader http://www.sql-ledger.org (780) 472-8161
> > DWS Systems Inc. Accounting Software Fax: 478-5281
> > =========== On a clear disk you can seek forever ===========
> >
> > On Sat, 2 Mar 2002, Sergio A. Kessler wrote:
> >
> > > a solution would be to use http auth
> > > (which is a lot more simple than sessions),
> > > but dieter is against it :(
> > >
> > > /sergio
> > >
> > > ----- Original Message -----
> > > From: "Kenneth Gonsalves" <la...@th...>
> > >
> > >
> > > > hi
> > > > problem:
> > > > > user starts a session on a web based app. connection gets cut. he
> > > > > re-establishes connection and tries to login. message - 'already
> > > > > logged in get lost'. he has to wait anything up to 30 minutes for
> > > > > his previous session to expire before being able to do his work.
> > > > > any solution for this?
>
> > > > kg
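
An added example, not part of the original thread or of SQL-Ledger's code: a Python check that flags URLs in a history or access-log export which carry credential parameters in the query string, like the menu.pl URL quoted above, and redacts them. The parameter-name list and the two intranet.example URLs are constructed assumptions; the first URL is the one from the thread with its wrapped lines joined.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of credential-bearing parameter names; extend per application.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token"}

def audit_url(url):
    """Return (credential parameter names found, URL with their values redacted)."""
    parts = urlsplit(url)
    # keep_blank_values=True is essential: the URL quoted in the thread ends in
    # "password=" with an empty value, which the default parser silently drops.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    found = [k for k, _ in pairs if k.lower() in SENSITIVE]
    redacted = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return found, urlunsplit(parts._replace(query=urlencode(redacted, safe="/")))

def scan(urls):
    """Yield (names, redacted_url) for every URL that carries a credential parameter."""
    for url in urls:
        found, clean = audit_url(url)
        if found:
            yield found, clean

# First entry is the URL from the thread with its wrapped lines joined;
# the other two are constructed samples.
HISTORY = [
    "http://abacus.sql-ledger.org/sql-ledger/menu.pl?path=bin/mozilla"
    "&action=acc_menu&login=sergio&password=",
    "http://intranet.example/app/report.pl?year=2002&month=3",
    "http://intranet.example/app/menu.pl?login=alice&Password=s3cret",
]

if __name__ == "__main__":
    for names, clean in scan(HISTORY):
        print(",".join(names), clean)
```

A scanner that parses the query with default settings would miss the thread's URL entirely, because its password value is blank.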