Menu
▾
▴
Re: session management
|
From: Sergio A. K. <ser...@ho...> - 2002-03-05 00:12:28
|
dieter, sometimes things are not that simple... for example, rigth now, in my company (not a big one) one of boys in charge of accounting is in vacations, and other female employee took his place (using another username of course) using *the same* computer of the boy... (we are not using sql-ledger, by the way) in my previous work (at a university) allmost all computers were shared betwen users, in fact, in that place there were employees using the computer at the morning, and others users using the same computer past midday... all this using win98, a monouser system... I understand you don't want to add http auth because dnhttpd doesn't support it, and I respect your desicion... (also I understand this is not a big priority) /sergio ----- Original Message ----- From: "Dieter Simader" <dsi...@sq...> > This apparent *security risk* is not a security risk at all. > > If you are concerned about other people accessing your terminal then you > log off, or activate your screen saver, simple enough! > > > Dieter Simader http://www.sql-ledger.org (780) 472-8161 > DWS Systems Inc. Accounting Software Fax: 478-5281 > =========== On a clear disk you can seek forever =========== > > On Mon, 4 Mar 2002, kevin bailey wrote: > > > hi there > > > > first thing - i am not an HTML/PERL expert - but... > > > > is there no way that perl can effecitvely wipe any password when the > > page loads - and then it is only the button/submit event which requests > > the login. > > > > again - not my area of expertise etc. but surely we should find a way to > > sort out this potential security risk, > > > > kev bailey > > > |
