From "Nathaniel Alfred" <Alfred.Nathan...@swx.com>
Subject RE: software licensing - security.
Date Mon, 03 Feb 2003 11:36:22 GMT
>-----Original Message-----
>From: Antonio Gallardo [mailto:agallardo@agsoftware.dnsalias.com]
>Sent: Montag, 3. Februar 2003 12:10
>To: cocoon-dev@xml.apache.org
>Subject: Re: software licensing - security.
>
>I think sometimes it is good to restrict the access of the users. I got a
>recent requirement from a customer (for security reasons):
>
>"The user can run only one session in the system".
>
>The idea is that if you are already logged on to a computer, you cannot run
>another session with the same username and password. Also nobody can use
>your username and password to go into the system, because you are already
>using it.
>
>Of course if the user needs to move to another computer, he must first
>log off.
>
>I know that this requirement is unusual. But some companies have this
>kind of business rules. ;-)
>
>I thought that we can change the authentication manager to set some
>parameters in this area. What do you think?
>

We also had this requirement from one of our customers.  The trouble is
though that with HTTP the server cannot know if the user is still at
the other end.

If the browser crashes, or the user closes it without logging off, the
server keeps the session until it times out.  If you say the second
login is rejected, you will need to wait for the session timeout
(typically 20 minutes) before the user can get in again.
(A similar scenario is that the user went to his boss to show him
something, but can't log in there because he forgot to log out first on
his own browser.)

Therefore, you should sell your customer at least the compromise that
the second login succeeds but dumps the first login.

To implement that one only needs to loop over all existing sessions and
expire immediately those with the same credentials.  (I have currently
no idea where this could be done.)

Cheers, Alfred.
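The two policies compared above, as an added example that is not code from Cocoon or from either poster: a small Python session registry where "reject" refuses a second login while an earlier session is live and "replace" loops over the existing sessions and expires those belonging to the same user. The user name standing in for "the same credentials", the 20-minute idle timeout, the `FakeClock` and the crashed-browser scenario are assumptions taken from the mail, not from any real Cocoon component. Note that a displaced session is also a useful detection signal, so the registry records each one in an audit log.

```python
import secrets
import time
from dataclasses import dataclass

# Idle timeout the mail calls "typically 20 minutes" (assumed default, in seconds).
SESSION_TIMEOUT = 20 * 60


@dataclass
class Session:
    session_id: str
    username: str
    last_seen: float


class LoginRejected(Exception):
    """Raised under the 'reject' policy while the user already has a live session."""


class SessionRegistry:
    """Server-side session table enforcing one session per user.

    policy='reject':  a second login is refused until the earlier session expires
    policy='replace': a second login succeeds and expires the earlier session
    """

    def __init__(self, policy="replace", timeout=SESSION_TIMEOUT, clock=time.monotonic):
        if policy not in ("reject", "replace"):
            raise ValueError("policy must be 'reject' or 'replace'")
        self.policy = policy
        self.timeout = timeout
        self.clock = clock      # injectable so a scenario can fast-forward time
        self.sessions = {}      # session_id -> Session
        self.audit_log = []     # displaced-session events; worth alerting on

    def _reap_expired(self):
        """Drop sessions idle longer than the timeout, as the server does anyway."""
        now = self.clock()
        stale = [sid for sid, s in self.sessions.items() if now - s.last_seen > self.timeout]
        for sid in stale:
            del self.sessions[sid]

    def live_sessions_for(self, username):
        self._reap_expired()
        return [s for s in self.sessions.values() if s.username == username]

    def login(self, username):
        """Open a session for a user whose password has already been verified."""
        existing = self.live_sessions_for(username)
        if existing:
            if self.policy == "reject":
                raise LoginRejected(f"{username!r} already has an active session")
            # 'replace': loop over existing sessions and expire those of the same user.
            for old in existing:
                del self.sessions[old.session_id]
                self.audit_log.append(("displaced", username, old.session_id))
        sid = secrets.token_urlsafe(32)   # unguessable session identifier
        self.sessions[sid] = Session(sid, username, self.clock())
        return sid

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def is_valid(self, sid):
        self._reap_expired()
        return sid in self.sessions


class FakeClock:
    """Constructed monotonic clock so the scenario can skip ahead without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def crashed_browser_scenario(policy, retry_after=5 * 60):
    """Alice logs in, her browser crashes without a logout, and she retries later.

    Returns whether the retry succeeded, whether the orphaned first session
    survived it, and how many displaced-session events were logged.
    """
    clock = FakeClock()
    registry = SessionRegistry(policy=policy, clock=clock)
    first = registry.login("alice")
    clock.advance(retry_after)        # the crashed browser never sent a logout
    try:
        registry.login("alice")
        retry_ok = True
    except LoginRejected:
        retry_ok = False
    return {
        "retry_ok": retry_ok,
        "first_still_valid": registry.is_valid(first),
        "displaced_events": len(registry.audit_log),
    }
```

Running `crashed_browser_scenario("reject")` shows the lock-out Alfred describes: the retry fails and the orphaned session stays valid until the idle timeout has passed, whereas `crashed_browser_scenario("replace")` lets the retry in, invalidates the orphan and leaves one audit entry behind.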

