httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laura Vance <van...@winfreeacademy.com>
Subject Re: [users@httpd] LogOut
Date Wed, 01 Sep 2004 14:35:31 GMT
Hello,

If it only works on IE, then I would have to say that it's very likely 
not a standards-complient method.  When things don't follow standards, 
the vendor has no obligation to continue including them.  Even the 
article says that the users had to "convince" the IE team to do it.  
This tells me that the IE team could reconsider and remove it if they 
feel so inclined, then you're stuck with a specific version of IE and 
nothing else will work.

I agree with everyone who said that using a session cookie is best, 
because you can overwrite a cookie with blank values just as quickly as 
you can write a data-filled cookie to the browser.  And it's not there 
until the user wants it to be there by logging in. 

One of the solutions mentioned on that site (Windows Integrated 
Authentication) was that the browser could log itself into the 
application if it's inside your network without username/password.  
Maybe I'm paranoid, but I don't want one level of security to override 
the other levels of security. (ex. criminal gets physical access to a 
machine and then doesn't have to worry about authentication)  I want the 
electronic security model to be used no matter what other security a 
person is trying to bypass.  Granted, eventually someone could get into 
the systems if they wanted to, but I prefer not to help them. ;)

Anyway, these are just my thoughts, and in no way does it mean you have 
to abandon what you've done, but it's just something else to consider. :)


Martinez Gonzalez, Francisco wrote:

>!!
>
>I found a solution, but only works on =>IE 6.0 SP1
>
>The site with the solution is:
>http://weblogs.asp.net/kclemson/archive/2003/11/17/53911.aspx
>
>
>:)
>  
>
-- 
Thanks,
Laura Vance
Systems Engineer
Winfree Academy Charter Schools



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message