[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Expertise and Innovation - was Re: Non-Borg serve
On Thu, 2004-02-05 at 01:08, Alaric B Snell wrote: > And it's still the case that both users and programmers have less > control over HTTP auth; browsers still don't give you "logout" buttons > that uncache the username and password you've entered, the credentials > have to be submitted with every request rather than just once (widening > the window of vulnerability to snooping), the server cannot enforce that > sessions expire after a certain period of inactivity (and sometimes they > will *need* to mandate that to meet the requirements of banking > applications and so on, regardless of user browser choices and > settings), and so on. > but my commonwealth bank site does time out sessions and so does qantas... isn't this an application problem rather than browser problem after time x (10/20 minutes of inactivity) i have to log in again. seems to me it wouldn't be too hard (though possibly inconvenient to users) to have absolute timeouts as well. and the sessions are encrypted, and the keys are generated for every session... how much more secure do you need? rick > ABS > > > ----------------------------------------------------------------- > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an > initiative of OASIS <http://www.oasis-open.org> > > The list archives are at http://lists.xml.org/archives/xml-dev/ > > To subscribe or unsubscribe from this list use the subscription > manager: <http://lists.xml.org/ob/adm.pl> >
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|