Educause Security Discussion mailing list archives

Re: Web page automatic time out


From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Fri, 30 May 2008 08:59:39 -0400

On Thu, 29 May 2008 18:49:10 -0400, Morrow Long <morrow.long () YALE EDU> said:

> On May 29, 2008, at 4:38 PM, Kubb, Rick wrote:
>
>> We’re looking for a way to have specific web pages automatically
>> timeout after so many minutes of inactivity.  For example, if an
>> individual is viewing a web page with confidential information on it
>> in a public place, say a walk-up computer at a conference, then walks
>> away without closing the browser, what methods are available to have
>> pages automatically close???  Any thoughts on this would be greatly
>> appreciated.
>
> Here is one way -- note that it can be overcome if someone is really
> determined...

Exactly.  And when you're dealing with confidential information, it is
likely impossible to guarantee a technological solution that will make a
page "automatically close".

The meta tags described in the previous post are probably the best way
of doing this.  Most of the common browsers will honour those, and I
don't know offhand of an easy way to defeat them, especially the refresh
one (though I'm sure a Firefox add-on could be written to do just that).

Cookies, of course, can be ignored (and often are) by the web client,
depending on the disposition of the user.

You might also want to think "outside the box"; for example, does your
University have a policy that enforces/mandates a locking screen saver
after so many minutes of inactivity?

 - Pat

--
 Patrick P. Murphy, Ph.D.     NRAO Webmaster, Computing Security Manager
 http://www.nrao.edu/~pmurphy/          http://chien-noir.com/maze.shtml
 "Inventions then cannot, in nature, be a subject of property."
                                    -- Thomas Jefferson, August 13, 1813
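
Added example (not part of the original thread or any poster's code): a confidential page that carries the refresh meta tag mentioned above as a client-side hint, while the server enforces the idle limit itself, since a browser can ignore the tag. The 10-minute limit, the `/timed-out` URL, the in-memory session table and the `Cache-Control: no-store` header are assumptions chosen for illustration.

```python
import html
import time

IDLE_LIMIT = 10 * 60        # assumed policy: 10 minutes of inactivity
LOGOUT_URL = "/timed-out"   # hypothetical page holding no confidential data

_sessions = {}              # session id -> time of last request (illustration only)


def touch(session_id, now=None):
    """Record activity for a session; call on every authenticated request."""
    _sessions[session_id] = time.time() if now is None else now


def is_expired(session_id, now=None):
    """Server-side check: holds even if the browser ignores the refresh tag."""
    now = time.time() if now is None else now
    last = _sessions.get(session_id)
    return last is None or now - last > IDLE_LIMIT


def render(session_id, body_text, now=None):
    """Return (status, headers, html) for a confidential page."""
    now = time.time() if now is None else now
    if is_expired(session_id, now):
        # Idle too long (or unknown session): drop it and send no content.
        _sessions.pop(session_id, None)
        return 302, {"Location": LOGOUT_URL}, ""
    touch(session_id, now)
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Keep the page out of the browser cache so Back cannot redisplay it.
        "Cache-Control": "no-store",
    }
    refresh = f"{IDLE_LIMIT};url={html.escape(LOGOUT_URL)}"
    page = (
        "<!DOCTYPE html><html><head>"
        # Client-side hint: replace the page once the idle limit has passed.
        f'<meta http-equiv="refresh" content="{refresh}">'
        "</head><body>" + html.escape(body_text) + "</body></html>"
    )
    return 200, headers, page
```

The refresh timer runs from page load, so it replaces what is on screen; the server-side check is what stops a reload or a later request from returning the confidential content.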
