I'm wondering how other people are handling password-type security for their
internet apps. Are you passing in the password as an url parameter or
setting a cookie? If it's a url parameter, it shows up in the browser
history which then could be run by anyone using the link in the browser
history. If it's a cookie, I know setting the date/time parameter of ?,?
will cause the cookie to be stale when the browser is closed. But if a
person simply shuts off their computer, how does this affect the cookie?
Could someone log back on and then use the history and the cookie to get
back in to the application?
As well, since all web objects are on the propath how do you prevent people
from typing in any object without first going through your logon routine?
Thanks
-Todd
internet apps. Are you passing in the password as an url parameter or
setting a cookie? If it's a url parameter, it shows up in the browser
history which then could be run by anyone using the link in the browser
history. If it's a cookie, I know setting the date/time parameter of ?,?
will cause the cookie to be stale when the browser is closed. But if a
person simply shuts off their computer, how does this affect the cookie?
Could someone log back on and then use the history and the cookie to get
back in to the application?
As well, since all web objects are on the propath how do you prevent people
from typing in any object without first going through your logon routine?
Thanks
-Todd