AW: Mac OS 9 Idle Lock Bug

[sflothow () SCHLOSS-ONLINE DE (Flothow, Sebastian)]

> It's possible to set up the
> Finder so that, if the current user goes idle, the screen will be
> locked.  A simple dialog box is displayed stating that the system has
> been idle for too long and a password must be entered.
>
> You have two options.  Click OK and enter the password to return to
> your session or click OK and click Log Out. It's possible to seize
> control of Mac OS under certain conditions by clicking Log Out.

so you can log out the current user and quit all apps without having to
enter a password? i think this is the real security flaw, not apps which ask
wether you want to save changes.

> Some applications have the "feature" of asking you if you're sure that
> you want to quit.  For example, if connected to a UNIX host using
> NiftyTelnetSSH, it will ask you if you're sure you want to disconnect
> when the application quits.  Other applications with unsaved data will
> ask if you want to save changes.  Most of these dialog boxes have OK
> and Cancel or Yes, No and Cancel for options.  Hitting Cancel at any
> of these "are you use" dialog boxes will stop the logout process and
> return you to the current session.

which is useful if you hit quit and you actually don't want to quit (i know,
this is for silly lusers, but they exist). to quit an app without asking,
there had to be another event, which current apps wouldn't support.

> Now, being primarily a UNIX user that also uses Mac OS for graphics
> and Web page design, I realize that relying on Mac OS for physical
> security is about as silly as relying on the Windows 95 password
> "protected" screensaver for security.  I just figured that I'd point
> out this small issue because the Mac OS 9 ads seem to be pushing the
> added security benefits of upgrading to Mac OS 9 and its voiceprint
> password protection.

well, it seems /this/ kind of protection doesn't work. however, if you shut
down the mac, you'll have to log in when booting.