[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Minor secuity concern

Subject: Minor secuity concern
From: "Chris Travers" <..hidden..>
Date: Mon, 18 Sep 2006 21:16:25 -0700

This issue may not be something that can be fixed immediately, nor is
it extremely severe.  It just limits the utility of session timeouts.

The browser stores the username and password in the cache, and when
you click the "refresh" button, will resubmit these.  This will
re-initialize the session without the user having to enter the
username or password.  Of course this requires access to the computer
running the browser, but it is worth noting.

Best Wishes,
Chris Travers

Prev by Date: Re: Calling all testers: 1.1 now in feature freeze
Next by Date: LedgerSMB Testing Status and Update
Previous by thread: Clarification on Next Version
Next by thread: LedgerSMB Testing Status and Update
Index(es):
- Date
- Thread