WebApp Sec mailing list archives
Re: Is logoff feature necessary
From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Tue, 2 May 2006 09:57:43 -0700
The purpose of logging out is to terminate your session. The settings vary from app to app, but yes, sessions can be terminated by closing the browser or from session inactivity after a certain number of idle minutes have passed. But from a security standpoint, I would not say it's unnecessary. For best practices and standard security policies, it's usually more than just a 'nice-to-have' depending on your business and data requirements. For example, again, depending on your app, maybe your site license limits you to a few simultaneous users. Logging out is important because it will complete your session, allowing another user to access the app. If you do not properly log out and the max number of users are using the app, no one else will be able to use the app until your session expires. Cheers! On 2 May 2006 07:41:02 -0000, test.future () gmail com <test.future () gmail com> wrote:
We have a web applicaiton which do not have logoff button. The developer claims that it is unnecessary, since the session can be terminated by closing the browser. Is it correct? Thanks. ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r --------------------------------------------------------------------------
-- Alexander.Bolante () gmail com abolante.blogspot.com ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r --------------------------------------------------------------------------
Current thread:
- Re: Is logoff feature necessary, (continued)
- Re: Is logoff feature necessary Michael Silk (May 03)
- Re: Is logoff feature necessary Dave Ferguson (May 03)
- RE: Is logoff feature necessary Rod Divilbiss (May 03)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 03)
- Administrivia: Is logoff feature necessary Andrew van der Stock (May 03)
- RE: Is logoff feature necessary Keith Duffin (May 03)
- Re: Is logoff feature necessary Andrew van der Stock (May 03)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 03)
- RE: Is logoff feature necessary wa0qmj (May 03)
- RE: Is logoff feature necessary M. Burnett (May 03)
- Re: Is logoff feature necessary Robert Hajime Lanning (May 03)
- Re: Is logoff feature necessary Alexander Bolante (May 03)
- Re: Is logoff feature necessary Alexis FitzGerald (May 03)
- RE: Is logoff feature necessary wa0qmj (May 03)
- RE: Is logoff feature necessary André Gil (May 03)
- RE: Is logoff feature necessary Steven Rebello (May 03)
- RE: Is logoff feature necessary King, Stuart (REHQ-LON) (May 03)
- RE: Is logoff feature necessary Jeff Robertson (May 03)
- RE: Is logoff feature necessary Popowycz, Alex (May 03)
- RE: Is logoff feature necessary Sarbjit Singh Gill (May 03)
- RE: Is logoff feature necessary Currey, Mick A (May 03)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 03)