[Wikipedia-l] possible security issue
Brion Vibber
brion at pobox.com
Wed Jul 9 19:44:03 UTC 2003
rubenste at ohio.edu wrote:
>I need advice, or concrete help, concerning a technical matter. I have
>been abroad for the past four days, and have been accessing Wikipedia
>from internet cafes. When I log on, I of course have avoided checking
>the box that asks if I want the computer to remember by password across
>sessions. Nevertheless, I have just discovered that the computers I
>have been using now long me on automatically.
>
Are you sure of that? Note that when you log out (or let the session
time out), any pages you've visited while logged in are still in your
browser's cache.
If the page doesn't change by the next time you visit, the cached
version will be displayed, with your name in the corner, but as far as
the wiki is concerned, you're not logged in.
Note also that the wiki _does_ leave a cookie with your username when
you log in, so when you come back it puts the last username you used in
the login form (but not the password). If you're paranoid, clear the
cookies manually when you're finished.
If it *is* automatically logging you in, that could be a problem. More
information would help.
-- brion vibber (brion @ pobox.com)
More information about the Wikipedia-l
mailing list