Re: User Auth.

• To: www-security@ns2.rutgers.edu
• Subject: Re: User Auth.
• From: cdp@ecmwf.int
• Date: Wed, 27 Mar 1996 22:59:01 +0000 (GMT)
• In-Reply-To: <Pine.SOL.3.91.960327125103.1645I-100000@thebrain.aa.ans.net> from "Brian W. Spolarich" at Mar 27, 96 01:03:19 pm

Content-Transfer-Encoding=8bit
X-Date Wed Mar 27 22:59:01 GMT 1996
X-Mailer: ELM [version 2.4 PL22]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 2116      

In a previous mail , Brian W. Spolarich wrote :
 >   I saw the question and comment as entirely reasonable, and not 
 > deserving of such a heavy flame.  :-]
 > 
 >   -brian
 > 
 > --
 > Brian W. Spolarich - ANS CO+RE Systems - briansp@ans.net - (313)677-7311
 > 	   We're Starfleet officers...weird is part of the job.
 > 
 > 

	You are right, the question, if not the comment, is reasonable (otherwise
I would not have bothered trying to figure out a possible solution, and
probably no one else either).

	I usually despise flames, for being at the least unconstructive and just
make people feel bad,  and I now find myself quite surprised to have wrongly
and badly flamed someone (maybe I am a new victim of the "mad cow disease
syndrom" which is taking over the whole of England, where I live ;-).

	But the comment to the question was itself a flame (much milder than
mine) against browsers, in the line of: I want that feature, and you must do as
I want. And this is probably what triggered my unjustified angry answer.

	Anyway I feel I must apologise to whoever might have felt offended by my
answer. Next time I'll take a glass of fresh water before flaming someone !

	To come back to the question, which was to "force or allow my users to
"logout" without quitting the client", I understand that this may be done
without the user explicitly requesting it, so, only the server could enforce it
in the present situation, because none of the most widespread browsers does
it.

	Because the initial question seemed to me to be a request for a solution
*now* for the problem, and not for future developments of the protocol and the
browsers, and because there does not seem to be any built-in capability in all
the browsers and present implementations of the most frequent servers, one must
try to work one out through CGI scripts, cookies or a temporary server with a
different port or URL's for protected documents so that the authentification
cached by the browser does not apply .


--
 Philippe Parmentier	 E-mail : P.Parmentier@ecmwf.int
 Snail : ECMWF, Shinfield Park, Reading, Berkshire RG2 9AX, U.K.

• Re: User Auth.
• From: "Brian W. Spolarich" <briansp@ans.net>

• Previous: Capturing E-Mail Address of
• Next: Unsuscribe
• Index(es):
  • Index
  • Thread