Unknown user may login

Go down

Unknown user may login

Post  Kenny on Wed Apr 08, 2009 11:59 am



Anyone can modify data


Possible Error


Severity


Form page


Location


Possible correction


Comment


1


Homepage ‘Remember’ remembers ALL the time


high


Homepage


http://www.daspecster.com/cam/index.php/


Recode the ‘Remember’


(see below)
Since this is a Web app, if a user does not logout explicitly (probably was accessed from a Cafe), I think it is possible for an UNKNOWN USER to continue accessing the database for any Camper from the same computer used.

At the homepage, it's like the 'Remember' is performing its duty without being asked to do that.
avatar
Kenny

Posts : 14
Join date : 2008-09-29

View user profile

Back to top Go down

Re: Unknown user may login

Post  steven.oxley on Tue Apr 14, 2009 5:42 am

Kenny wrote:
Since this is a Web app, if a user does not logout explicitly (probably was accessed from a Cafe), I think it is possible for an UNKNOWN USER to continue accessing the database for any Camper from the same computer used.

At the homepage, it's like the 'Remember' is performing its duty without being asked to do that.

If you are referring to the fact that a user will stay logged in for a certain amount of time, then yes, the user is "remembered." If you close your browser and open it back up again, however, you will see that you must log in again because the cookie has been deleted.
'Remember' is for if you want the cookie to persist for multiple browser sections. I don't think it would be a very user-friendly "feature" to require our users to log in every time they switched pages.

steven.oxley

Posts : 56
Join date : 2009-01-16
Age : 30
Location : India

View user profile http://stevenoxley.blogspot.com/

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum