>I seem to have found another "bug" with the Bigfoot/Bellsouth Webmail. >Users can log back into the service from cached pages. This is a huge >security hole, especially for users access these services from public >terminals. Subsequent users can just use the back button to go back in the >previous session history and log in as the previous user. This is not uncommon in web based email & conferencing packages, however, most are authored to only allow this for a certain amount of time and to disregard the attempt if the user logged out properly. Out of curiosity, did you test this with the two variables of time and a logout? James
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:14 PDT