|
WebApp Sec
mailing list archives
Re: Is logoff feature necessary
From: "Alexander Bolante" <alexander.bolante () gmail com>
Date: Tue, 2 May 2006 09:57:43 -0700
The purpose of logging out is to terminate your session. The settings
vary from app to app, but yes, sessions can be terminated by closing
the browser or from session inactivity after a certain number of idle
minutes have passed. But from a security standpoint, I would not say
it's unnecessary. For best practices and standard security policies,
it's usually more than just a 'nice-to-have' depending on your
business and data requirements.
For example, again, depending on your app, maybe your site license
limits you to a few simultaneous users. Logging out is important
because it will complete your session, allowing another user to access
the app. If you do not properly log out and the max number of users
are using the app, no one else will be able to use the app until your
session expires.
Cheers!
On 2 May 2006 07:41:02 -0000, test.future () gmail com
<test.future () gmail com> wrote:
We have a web applicaiton which do not have logoff button. The developer claims that it is unnecessary, since the
session can be terminated by closing the browser. Is it correct? Thanks.
-------------------------------------------------------------------------
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------
--
Alexander.Bolante () gmail com
abolante.blogspot.com
-------------------------------------------------------------------------
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- RE: Is logoff feature necessary, (continued)
RE: Is logoff feature necessary wa0qmj (May 03)
RE: Is logoff feature necessary M. Burnett (May 03)
Re: Is logoff feature necessary Robert Hajime Lanning (May 03)
Re: Is logoff feature necessary Alexander Bolante (May 03)
Re: Is logoff feature necessary Alexis FitzGerald (May 03)
RE: Is logoff feature necessary wa0qmj (May 03)
RE: Is logoff feature necessary André Gil (May 03)
RE: Is logoff feature necessary Steven Rebello (May 03)
RE: Is logoff feature necessary King, Stuart (REHQ-LON) (May 03)
|
Intro
