[Zope] Security question

Chris McDonough chrism@digicool.com
Fri, 17 Mar 2000 17:51:01 -0500


Daniel,

THis is a limitation of HTTP basic authentication and is not a
Zope-specific problem.

Either quit the browser before you leave or write a short dtml method:

<dtml-raise Unauthorized>
Logout
</dtml-raise>

and call it before you leave.  Note that you need to call it, then click
"OK", or you will still be logged in.

-----Original Message-----
From: Daniel.Weber@SEMATECH.Org [mailto:Daniel.Weber@SEMATECH.Org]
Sent: Friday, March 17, 2000 5:27 PM
To: zope@zope.org
Subject: [Zope] Security question


As far as authorization goes, I've noticed that I get prompted for a
user-name/password only once during a session.  After you've been
validated, it
appears zope does not prompt you again for that browser session.

The reason I'm concerned is that if I have to do maintenance on someone
else's
web browser, how do I ensure that after I leave a person cannot use the
back
button or history list to gain manager access to the site?  Do I have to
exit
the browser when I'm done?

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )