[imp] Windows XP caches login credentials.
Alain Williams
addw@phcomp.co.uk
Mon, 15 Jul 2002 23:52:33 +0100
On Mon, Jul 15, 2002 at 06:46:12PM -0400, Joe Kellner wrote:
> >From the apache docs:
>
> How do I log out?
> Since browsers first started implementing basic authentication, website
> administrators have wanted to know how to let the user log out. Since the
> browser caches the username and password with the authentication realm, as
> described earlier in this tutorial, this is not a function of the server
> configuration, but is a question of getting the browser to forget the
> credential information, so that the next time the resource is requested, the
> username and password must be supplied again. There are numerous situations
> in which this is desirable, such as when using a browser in a public
> location, and not wishing to leave the browser logged in, so that the next
> person can get into your bank account.
>
> However, although this is perhaps the most frequently asked question about
> basic authentication, thus far none of the major browser manufacturers have
> seen this as being a desirable feature to put into their products.
>
> Consequently, the answer to this question is, you can't. Sorry.
Ease of use & 'functionality' wins over security every time.
Why do you think that M$ is so popular ?
--
Alain Williams
#include <std_disclaimer.h>