- From: George Staikos <staikos@kde.org>
- Date: Thu, 28 Sep 2006 09:58:33 -0400
- To: "James A. Donald" <jamesd@echeque.com>
- Cc: public-usable-authentication@w3.org
On Tuesday 26 September 2006 20:51, James A. Donald wrote: > > > I mean - by way of example - imagine you walk up to a free public > > > internet terminal in an airport - then click the "back" button on the > > > browser a few times. You get all kinds of fun stuff - personal > > > emails, bank statements, corporate intranets, etc etc... > > George Staikos wrote: > > I don't think this is a solvable problem. It's I/O error. I could > > leave my wallet on the cashier counter and lose all my money and credit > > card/SSN/etc numbers too. > > But you know you are leaving your wallet on the cashier counter. > > The display of personal information should require a login, and a login > should result in an icon or page somewhere on the screen that displays a > logout button. And if that page or icon goes away, you should be logged > out. Alternatively there should be an icon on the desktop showing that > you are currently logged in to whatever, and you can click on that icon > to logout all. Basically what you are talking about is a floating login token. This is often achieved with a cookie but it doesn't clear the cache necessarily. I would say this is more of an implementation bug in the browser and/or the site when this happens. When I log out of my bank site, I am logged out, period. Perhaps there are some memory buffers with content but if someone is examining my memory space I have worse problems. -- George Staikos KDE Developer http://www.kde.org/ Staikos Computing Services Inc. http://www.staikos.net/
Received on Thursday, 28 September 2006 13:59:00 UTC