Re: login security issue
- Subject: Re: login security issue
- From: Thomas Pelaia II <email@hidden>
- Date: Thu, 13 Jul 2006 08:08:43 -0400
Thanks for all the helpful input. I am using a combination of the three approaches suggested. For the record, setting the name of the password field to session.sessionID as suggested was enough to fix the problem.
From: Anjo Krank <email@hidden>
Date: July 12, 2006 11:54:54 PM EDT
To: Chuck Hill <email@hidden>
Cc: WebObjects List <email@hidden>
Subject: Re: login security issue
On 12.07.2006 at 22:31, Chuck Hill wrote:
If you set the headers to disallow caching it should prevent what Thomas is describing. However, if the user allowed the browser to save their password, there is nothing you can do.
Sure you can: set the name of the username field to session.sessionID. Then, when you go back and have caching disallowed and the page re-renders, it has a field name the browser hasn't seen before and so it can't fill it out. This is totally annoying for users that *want* their info stored, though ;)
Cheers, Anjo
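
The two measures discussed in this thread (no-cache response headers plus login field names that change with each session), sketched as an added example in Python; it is not code from the thread or from WebObjects. The function names, the demo key and the session IDs are assumptions, and the field names are derived from the session ID with an HMAC rather than using the raw ID, a variation that keeps the ID itself out of the markup.

```python
import hashlib
import hmac
import html

# Constructed demo key (assumption); a real application loads its own secret.
SERVER_KEY = b"demo-key-not-for-production"

# Headers that tell the browser not to keep or replay the rendered login page.
NO_CACHE_HEADERS = {
    "Cache-Control": "no-store, no-cache, must-revalidate",
    "Pragma": "no-cache",
    "Expires": "0",
}

def field_name(session_id: str, purpose: str) -> str:
    """Per-session field name, so a saved value keyed to an old name never matches."""
    mac = hmac.new(SERVER_KEY, f"{purpose}:{session_id}".encode(), hashlib.sha256)
    return "f" + mac.hexdigest()[:16]

def render_login(session_id: str):
    """Return (headers, html) for a login page bound to this session."""
    user = field_name(session_id, "user")
    pw = field_name(session_id, "pass")
    body = (
        '<form method="post" action="/login">\n'
        f'  <input type="text" name="{html.escape(user)}">\n'
        f'  <input type="password" name="{html.escape(pw)}">\n'
        '  <input type="submit" value="Log in">\n'
        "</form>"
    )
    return dict(NO_CACHE_HEADERS), body

def read_credentials(session_id: str, form: dict):
    """Accept only fields named for the current session; None for stale names."""
    user = form.get(field_name(session_id, "user"))
    pw = form.get(field_name(session_id, "pass"))
    if user is None or pw is None:
        return None
    return user, pw

if __name__ == "__main__":
    headers, page = render_login("sessionA")  # constructed session ID
    print(headers["Cache-Control"])
    print(page)
```
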
Webobjects-dev mailing list (email@hidden)