• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: login security issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: login security issue


  • Subject: Re: login security issue
  • From: Thomas Pelaia II <email@hidden>
  • Date: Thu, 13 Jul 2006 08:08:43 -0400

Thanks for all the helpful input.  I am using a combination of the three approaches suggested.  For the record, setting the name of the password field to session.sessionID as suggested was enough to fix the problem.
thanks, tom




On Jul 13, 2006, at 6:19 AM, email@hidden wrote:

From: Anjo Krank <email@hidden>

Date: July 12, 2006 11:54:54 PM EDT

To: Chuck Hill <email@hidden>

Cc: WebObjects List <email@hidden>

Subject: Re: login security issue




Am 12.07.2006 um 22:31 schrieb Chuck Hill:


If you set the headers to disallow caching it should prevent what Thomas is describing.  However, if the user allowed the browser to save their password, there is nothing you can do.


Sure you can: set the name of the username field to session.sessionID. Then, when you go back and have caching disallowed and the page re-renders, it has a field name the browser hasn't seen before and so it can't fill it out. This is totally annoying for users that *want* teir info stored, though ;)


Cheers, Anjo


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

  • Follow-Ups:
    • Re: login security issue
      • From: " Kuon - Nicolas Goy (Goyman.com SA) - 時期精霊 " <email@hidden>
  • Prev by Date: Re: EOUtilities.primaryKeyForObject
  • Next by Date: Re: WWDC WO Meet
  • Previous by thread: Re: login security issue
  • Next by thread: Re: login security issue
  • Index(es):
    • Date
    • Thread