Bugtraq mailing list archives
Re: Webmail.bellsouth.net security problems
From: kragen () POBOX COM (Kragen)
Date: Tue, 25 Aug 1998 22:26:19 -0400
On Tue, 25 Aug 1998, Marc Slemko wrote:
This is one of the situations where cookies are actually one of the better solutions. HTTP authentication is even better, but many people dislike it because they can't control the login prompt and due to how it can be cached by the client.
Well, when I set up a webmail thing on my machine using HTTP Basic authentication, I created a special page (logout.html) which simply returned a "not authorized" response for the webmail realm, no matter what the request was. This would pop up another username/password prompt, which the user could cancel. After that -- at least with Netscape -- they would have to re-enter their username and password before accessing anything that required authentication. I'm not clear that this behavior is required by the standard. Kragen -- <kragen () pobox com> Kragen Sitaker <http://www.pobox.com/~kragen/> We are forming cells within a global brain and we are excited that we might start to think collectively. What becomes of us still hangs crucially on how we think individually. -- Tim Berners-Lee, inventor of the Web
Current thread:
- Serious Security Hole in Hotmail Tom Cervenka (Aug 24)
- Re: Serious Security Hole in Hotmail Jeff Mcadams (Aug 25)
- Re: Serious Security Hole in Hotmail Jonathan A. Zdziarski - Systems Administrator (Aug 25)
- Webmail.bellsouth.net security problems Leonid S. Knyshov (Aug 25)
- Re: Webmail.bellsouth.net security problems Marc Slemko (Aug 25)
- Re: Webmail.bellsouth.net security problems Edward S. Marshall (Aug 25)
- Re: Webmail.bellsouth.net security problems Kragen (Aug 25)
- [paul () boehm org: [cert-advisory () cert org: CERT Summary CS-98.07]] Paul Boehm (Aug 26)
- [djb () redhat com: Unidentified subject!] Paul Boehm (Aug 26)
- SV: Serious Security Hole in Hotmail Jonathan James (Aug 26)
- Re: Webmail.bellsouth.net security problems Joe (Aug 28)
- [SECURITY] Seyon is vulnerable to a root exploit Martin Schulze (Aug 28)
- Update on Linux unfsd Olaf Kirch (Aug 29)
- Buffer overflows in Minicom 1.80.1 Eduardo Navarro (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 Alan Brown (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 M.C.Mar (Aug 31)
- Re: Buffer overflows in Minicom 1.80.1 Wichert Akkerman (Aug 31)
- Re: Serious Security Hole in Hotmail Jeff Mcadams (Aug 25)