WebApp Sec mailing list archives

Re: Is logoff feature necessary

From: "Daniel Persson" <mailto.woden () gmail com>
Date: Tue, 2 May 2006 11:22:24 +0200

Hey.

If you take out the security issue then it's still a good idea to put
a logoff feature for future use. If you need to clean up after a
session that is usually a good point to do it. And for user sense of
security it's good practise to use it. Even if you don't beleave the
security will increase the customer could interpret it as a more
secure and wellthough of security application.

And then we have the uncertenty of the browser. Even if there is a
good chance that all user information is purged everytime you close
the browser, because that is the general practise, you can't be
certent of that.

So convice your developer to make the effort.

best regards

Daniel

On 2 May 2006 07:41:02 -0000, test.future () gmail com
<test.future () gmail com> wrote:

We have a web applicaiton which do not have logoff button. The developer claims that it is unnecessary, since the 
session can be terminated by closing the browser. Is it correct? Thanks.

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------



--
Daniel Persson
mailto.woden () gmail com

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------

Current thread:

Is logoff feature necessary test . future (May 02)
- Re: Is logoff feature necessary Vicente Aguilera (May 03)
- Re: Is logoff feature necessary Daniel Persson (May 03)
- Re: Is logoff feature necessary Peter Conrad (May 03)
- Re: Is logoff feature necessary Luciano Miguel Ferreira Rocha (May 03)
- Re: Is logoff feature necessary ViersOnline (May 03)
- RE: Is logoff feature necessary Deepu Thomas Philip (May 03)
- Re: Is logoff feature necessary Michael Silk (May 03)
- Re: Is logoff feature necessary Dave Ferguson (May 03)
- RE: Is logoff feature necessary Rod Divilbiss (May 03)
  - RE: Is logoff feature necessary Auri Rahimzadeh (May 03)
    - Administrivia: Is logoff feature necessary Andrew van der Stock (May 03)
    - RE: Is logoff feature necessary Keith Duffin (May 03)

(Thread continues...)