Bugtraq mailing list archives

Re: Webmail.bellsouth.net security problems


From: kragen () POBOX COM (Kragen)
Date: Tue, 25 Aug 1998 22:26:19 -0400


On Tue, 25 Aug 1998, Marc Slemko wrote:
> This is one of the situations where cookies are actually one of the better
> solutions.  HTTP authentication is even better, but many people dislike it
> because they can't control the login prompt and due to how it can be
> cached by the client.

Well, when I set up a webmail thing on my machine using HTTP Basic
authentication, I created a special page (logout.html) which simply
returned a "not authorized" response for the webmail realm, no matter
what the request was.  This would pop up another username/password
prompt, which the user could cancel.  After that -- at least with
Netscape -- they would have to re-enter their username and password
before accessing anything that required authentication.

I'm not clear that this behavior is required by the standard.

Kragen

--
<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
We are forming cells within a global brain and we are excited that we might
start to think collectively.  What becomes of us still hangs crucially on
how we think individually.  -- Tim Berners-Lee, inventor of the Web
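
The logout technique described in the message above, as an added example that is not part of the original post or the author's code: a handler that answers 401 for the "webmail" realm on /logout.html regardless of the credentials sent. The user table, port and the /logout.html routing are constructed assumptions; whether a client then drops its cached credentials is browser behaviour, as the post notes.

```python
# Added example (not from the original post): a logout URL for HTTP Basic auth.
import base64
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

REALM = "webmail"                      # realm name taken from the post
USERS = {"alice": "correct horse"}     # constructed sample credentials
CHALLENGE = ("WWW-Authenticate", f'Basic realm="{REALM}"')


def check_basic(header):
    """Return the user name if the Authorization header is valid, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is not None and hmac.compare_digest(password.encode(), expected.encode()):
        return user
    return None


def respond(path, auth_header):
    """Decide (status, headers, body) for one request."""
    if path == "/logout.html":
        # Always challenge, even when the credentials sent are correct.
        return 401, [CHALLENGE], b"Logged out.\n"
    user = check_basic(auth_header)
    if user is None:
        return 401, [CHALLENGE], b"Authentication required.\n"
    return 200, [], f"Inbox for {user}\n".encode()


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = respond(self.path, self.headers.get("Authorization"))
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```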


