WebApp Sec mailing list archives
RE: Is logoff feature necessary
From: "Deepu Thomas Philip" <deepu.philip () paladion net>
Date: Tue, 2 May 2006 15:26:11 +0530
I would say it to be wrong!!!! Some of the many issues would be as follows:

1. What if the user forgets to close the window? -> Then the session would be kept alive.
2. If there is no 'Logout' then the data is always visible when the browser is kept alive.
3. Suppose another instance of the same browser is created? Then the session is kept alive till all the browsers are closed.

If a logout button were not necessary then I would say that definitely mail sites such as Hotmail, Yahoo, Gmail would not have it. They could also follow the process of browser closure. But that is not the case!!!!

All in all, a logout button has to be there. And the best recommendation for a high profile application would be auto closure of the browser when logout is issued.

Regards,
Deepu Thomas Philip
PALADION NETWORKS
Website : http://www.paladion.net
Magazine: http://palisade.paladion.net/

-----Original Message-----
From: test.future () gmail com [mailto:test.future () gmail com]
Sent: Tuesday, May 02, 2006 1:11 PM
To: webappsec () securityfocus com
Subject: Is logoff feature necessary

We have a web application which does not have a logoff button. The developer claims that it is unnecessary, since the session can be terminated by closing the browser. Is it correct?

Thanks.
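To make the point in this reply concrete, here is an added example (not code from the thread or from any of its participants) of a minimal server-side session store: closing the browser only discards the cookie on the client, so the session stays valid on the server until an explicit logout or the idle timeout, which is exactly why a logout control is needed. The 15-minute timeout and the user name are constructed values.

```python
import secrets
from typing import Dict, Optional

# Idle timeout used by this example; a constructed value, not from the thread.
IDLE_TIMEOUT_SECONDS = 15 * 60


class SessionStore:
    """In-memory server-side session store (example code, not from the thread)."""

    def __init__(self, idle_timeout: int = IDLE_TIMEOUT_SECONDS) -> None:
        self.idle_timeout = idle_timeout
        self._sessions: Dict[str, dict] = {}

    def login(self, user: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable id handed to the browser as a cookie
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def lookup(self, sid: str, now: float) -> Optional[str]:
        """Return the user bound to sid, or None once the session is invalid."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # idle timeout: the only backstop when nobody logs out
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout(self, sid: str) -> None:
        """Explicit logout: invalidate server side so the id is useless afterwards."""
        self._sessions.pop(sid, None)


def session_fate(action: str) -> Optional[str]:
    """Who does the server still see behind the id after 'close', 'logout' or 'idle'?"""
    store, t0 = SessionStore(), 1_000_000.0
    sid = store.login("alice", t0)
    if action == "close":
        # Closing the browser discards the cookie client side; the server never hears
        # about it, so the session id keeps working for whoever still holds it.
        return store.lookup(sid, t0 + 60)
    if action == "logout":
        store.logout(sid)
        return store.lookup(sid, t0 + 60)
    if action == "idle":
        return store.lookup(sid, t0 + IDLE_TIMEOUT_SECONDS + 1)
    raise ValueError(action)
```

Only the "logout" and "idle" paths end the session on the server; the "close" path leaves it live, which is the gap the reply above describes.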