Client side risks: Preventing problems due to "accidental" exposure on the client side

Problem
A legitimate surfer might use your site and then leave the browser unattended, either at an Internet cafe or in an unsecured office situation.

Someone else could sit down at the station and use the [Back] button to look for confidential information.

Solution
The solution requires two steps:

  1. For all pages that have sensitive data, use the EXPIRES macro:
    (~EXPIRES|-1~)
    
    anywhere on the page (preferably from a shared chunk).

  2. At the top of all protected pages, call a shared chunk which runs the IFINACTIVEFORSEC macro, so that if someone tries to retrieve a secure page (either via [Back] or by clicking a link), and the timeout period has elapsed, the BOUNCE will occur and the person will have to log in again.
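The same two steps expressed as framework-neutral server logic, as an added example: this is not WebHub code and does not show how the EXPIRES or IFINACTIVEFORSEC macros are implemented. The function name, the login path, the 300-second timeout and the session layout are assumptions made for illustration.

```python
import time

IDLE_TIMEOUT_SEC = 300          # assumed timeout; pick per site policy
LOGIN_URL = "/login"            # hypothetical login page path

# Headers that tell browsers and proxies not to keep a copy, so [Back]
# has to re-request the page from the server instead of showing a cached one.
NO_CACHE = {
    "Cache-Control": "no-store",
    "Pragma": "no-cache",       # for HTTP/1.0 caches
    "Expires": "0",             # invalid date = already expired
}

def serve_protected(session, render, now=None, timeout=IDLE_TIMEOUT_SEC):
    """Return (status, headers, body) for a request to a protected page.

    session: mutable dict holding 'user' and 'last_seen' (epoch seconds).
    render:  callable producing the sensitive page body for a user.
    """
    now = time.time() if now is None else now
    user = session.get("user")
    last_seen = session.get("last_seen")
    idle = None if last_seen is None else now - last_seen

    if user is None or idle is None or idle > timeout:
        # Step 2: inactive too long (or never logged in). Destroy the
        # session so a later request cannot revive it, then bounce.
        session.clear()
        return 302, dict(NO_CACHE, Location=LOGIN_URL), ""

    # Still active: slide the inactivity window and serve the page.
    session["last_seen"] = now
    # Step 1: sensitive page goes out marked as not cacheable.
    return 200, dict(NO_CACHE), render(user)


if __name__ == "__main__":
    sess = {"user": "alice", "last_seen": 1000.0}   # constructed sample session
    page = lambda u: f"account details for {u}"
    print(serve_protected(sess, page, now=1100.0))  # within timeout
    print(serve_protected(sess, page, now=1500.0))  # 400 s idle: bounced
    print(serve_protected(sess, page, now=1501.0))  # session gone: still bounced
```

Both steps are needed together: without the no-cache headers the browser can show the old page on [Back] without contacting the server, so the inactivity check never runs.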


Copyright © 1995-2012 HREF Tools Corp. All Rights Reserved Worldwide.