Date: Sun, 7 Jan 1996 23:55:42 -0500 (EST)
> Yeah, but, doesn't NetScape compare cached pages to the site and access
> the most recent? In this case a site which had changed would still require a
> password; the cached page would not be available.
That's a user-configurable option in Netscape. You can ask Netscape to
check documents, or to *only* use the cached document.
> And if accessing a password-protected pagewithout filling out the
> screen name/password form is a desired shortcut this could easily be
> accomplished by bookmarking the login page _with_ your screen name and
> password. This is possible under NetScape, gives the user control over the
> password and avoids any of the security pitfalls others have described.
Wrong. In standard HTTP user authentication on most browsers,
including Netscape, the browser remembers up to about eight passwords
as long as it is running. But when you add a page to your bookmarks,
you are not saving the login and password information. Again, though,
this is a browser feature issue; a browser *could* have the feature to
remember all passwords. That simply isn't implemented widely.
> At 07:53 PM 1/7/96 -0500, Jeremy Hylton wrote:
> >I don't thing this is a bug, and it might even be a feature that I
> >want as a user. If I had permission to get a page at some point, and
> >it is still in memory or on my disk, I'd like to be able to display
> >it.
Yes and no. The exception might be on shared workstations. If a browser
is configured to save its cache files in an area that successive users
are able to read, then you just gave your protected data away. The
alternative, of course, is to ask your browser to blow away cache
files before you exit.
- -Josh
_____________________________________________________________________
Josh Hartmann josh@the-tech.mit.edu
The New York Times josh@nytimes.com
Electronic Media Company
1120 Ave. of the Americas 212 597 8057
New York, NY 10036 fax 212 597 8081
------------------------------
End of online-news-digest V1 #462
*********************************
From owner-online-news-digest@marketplace.com Mon Jan 8 20:03:11 1996
Received: from marketplace.com (majordom@marketplace.com [199.45.128.10]) by cnj.digex.net (8.6.12/8.6.12) with ESMTP id UAA15763 ; for ; Mon, 8 Jan 1996 20:03:09 -0500