
Re: Comprehensive list - known Threat and Protection table

From: James A. Donald <jamesd@echeque.com>
Date: Wed, 27 Sep 2006 10:51:03 +1000
Message-ID: <4519CAF7.3070208@echeque.com>
To: George Staikos <staikos@kde.org>
CC: public-usable-authentication@w3.org

> > I mean - by way of example - imagine you walk up to a free public
> > internet terminal in an airport - then click the "back" button on the
> > browser a few times.  You get all kinds of fun stuff - personal
> > emails, bank statements, corporate intranets, etc etc...

George Staikos wrote:
> I don't think this is a solvable problem.  It's an I/O error.  I could leave my 
> wallet on the cashier counter and lose all my money and credit card/SSN/etc 
> numbers too.

But you know you are leaving your wallet on the cashier counter.

The display of personal information should require a login, and a login 
should result in an icon or page somewhere on the screen that displays a 
logout button.  And if that page or icon goes away, you should be logged 
out.  Alternatively there should be an icon on the desktop showing that 
you are currently logged in to whatever, and you can click on that icon 
to logout all.
Received on Wednesday, 27 September 2006 00:56:20 GMT
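
The proposal in the message above (personal data only behind a login, a visible logout control, and automatic logout when that control goes away), sketched as an added example that is not part of the original thread. The class and method names, the heartbeat mechanism, the 15-second grace period and the use of `Cache-Control: no-store` against Back-button redisplay are assumptions made for illustration.

```python
import secrets

class IndicatorBoundSessions:
    """Hypothetical session store: a login lives only while its logout indicator reports in."""

    def __init__(self, clock, grace_seconds=15):
        self._clock = clock            # callable returning seconds (injectable for testing)
        self._grace = grace_seconds    # assumed tolerance for a late heartbeat
        self._sessions = {}            # token -> {"user", "site", "last_seen"}

    def login(self, user, site):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "site": site, "last_seen": self._clock()}
        return token

    def _live(self, token):
        # A session whose indicator has been silent past the grace period is destroyed.
        s = self._sessions.get(token)
        if s is not None and self._clock() - s["last_seen"] > self._grace:
            del self._sessions[token]
            return None
        return s

    def heartbeat(self, token):
        """Sent periodically by the page or icon that displays the logout button."""
        s = self._live(token)
        if s is not None:
            s["last_seen"] = self._clock()
        return s is not None

    def render_personal_page(self, token):
        # no-store keeps the browser from redisplaying the page from cache on Back.
        headers = {"Cache-Control": "no-store"}
        s = self._live(token)
        if s is None:
            return 401, headers, "login required"
        return 200, headers, f"statement for {s['user']}"

    def active_logins(self, user):
        """What a desktop 'currently logged in' icon would list for this user."""
        return sorted(s["site"] for t, s in list(self._sessions.items())
                      if s["user"] == user and self._live(t))

    def logout_all(self, user):
        """The 'click the icon to log out of everything' action; returns sessions ended."""
        tokens = [t for t, s in self._sessions.items() if s["user"] == user]
        for t in tokens:
            del self._sessions[t]
        return len(tokens)
```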
