Re: [Q] How to prevent storage of SSL session information?

From: Barry Margolin (barmar@genuity.net)
Date: 10/22/02


From: Barry Margolin <barmar@genuity.net>
Date: Tue, 22 Oct 2002 15:18:31 GMT

In article <3DB4AF9C.E7799689@-NOSPAM-2host.com>,
2Host.com - Robert <admin@-NOSPAM-2host.com> wrote:
>
>
>Chanho Jung wrote:
>>
>> Thanks....
>>
>> Somebody uses Internet Banking at public PC (like A University Library PC)
>> and then (NOT IE Browser Exit but only Logout)....
>>
>> In this case, next man can automatic login Internet Banking using IE Back
>> Button.
>>
>> How to implement perfectly Logout Page of Internet Banking using https ?
>>
>
>If someone's going to use a public system for online banking, they
>deserve what happens. Anyway, you can have them clear the browser cache,
>any cookies/sessions, etc. and shut down the browser, but if it's a

I think his question is what the web page should do to protect the customer
if he doesn't remember to follow these instructions.

I've used some financial web sites where the Back button doesn't work; when
I try it, I get an error page complaining that some data wasn't available.
I'll bet if the OP asks his question in a web authoring newsgroup he'll be
able to find out how those pages work.

>public system someone can more easily just install a key logger and it's
>all over anyway. As I said, anyone that banks online from a public
>system has bigger problems.

I would hope that a public kiosk wouldn't allow customers to install
arbitrary programs like key loggers. The kiosk owner would, but I think
most of us are more concerned about the next user than the kiosk operator
(this trust may not be well founded, but it's obviously very common --
people have few qualms about entering their POP server password to read
their mail).

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
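
Added example, not part of the original post or thread: one common way to get the behaviour described above, where Back after logout shows no account data. It assumes a server-side session store plus no-store cache headers; the paths, the `sid` cookie name, and the `call` helper are hypothetical, and the sites mentioned in the post may work differently.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side session store: id -> user (in-memory, demo only)
# Tell the browser not to keep a copy, so Back has to re-request the page.
NO_CACHE = [("Cache-Control", "no-store, no-cache, must-revalidate"),
            ("Pragma", "no-cache"), ("Expires", "0")]

def _sid(environ):
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    return cookie["sid"].value if "sid" in cookie else None

def app(environ, start_response):
    path, sid = environ.get("PATH_INFO", "/"), _sid(environ)
    if path == "/login":  # credential check omitted; the user is constructed
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = "demo-user"
        start_response("303 See Other", NO_CACHE + [
            ("Location", "/account"),
            ("Set-Cookie", f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/")])
        return [b""]
    if path == "/logout":
        SESSIONS.pop(sid, None)  # invalidate on the server, not only in the browser
        start_response("303 See Other", NO_CACHE + [
            ("Location", "/login-form"),
            ("Set-Cookie", "sid=; Max-Age=0; Secure; HttpOnly; Path=/")])
        return [b""]
    if path == "/account":
        if sid not in SESSIONS:  # stale or missing session: no account data
            start_response("303 See Other", NO_CACHE + [("Location", "/login-form")])
            return [b""]
        start_response("200 OK", NO_CACHE + [("Content-Type", "text/plain")])
        return [f"Balance page for {SESSIONS[sid]}".encode()]
    start_response("200 OK", NO_CACHE + [("Content-Type", "text/plain")])
    return [b"Please log in"]

def call(path, cookie=None):
    """Invoke the WSGI app directly, the way a browser request would."""
    seen = {}
    environ = {"PATH_INFO": path, "HTTP_COOKIE": cookie or ""}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

Because the session is deleted on the server at logout, replaying the old cookie (which is what a re-request triggered by Back amounts to) gets a redirect to the login form instead of the account page.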

