[1731] in WWW Security List Archive
RE: User Auth.
daemon@ATHENA.MIT.EDU (Paul Leach)
Tue Mar 26 23:38:03 1996
From: Paul Leach <paulle@microsoft.com>
To: "'Nathan Neulinger'" <nneul@umr.edu>,
"'Robert S. Muhlestein'"
<robertm@teleport.com>
Cc: "'S.W. Cheung'" <swcheung@hkimd.cig.mot.com>,
"'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
Date: Tue, 26 Mar 1996 15:18:08 -0800
Errors-To: owner-www-security@ns2.rutgers.edu
I'm not so sure it's a good idea. I don't like trusting browsers to do
the right thing -- they're big programs. (It's bad enough you have to
trust huge OS kernels.) It's better to exit the program and let the OS
make sure that no info from the old program image leaks. It's even
better to log out.
>----------
>From: Robert S. Muhlestein[SMTP:robertm@teleport.com]
>Sent: Tuesday, March 26, 1996 11:27 AM
>To: Nathan Neulinger
>Cc: S.W. Cheung; www-security@ns2.rutgers.edu
>Subject: Re: User Auth.
>
>On Tue, 26 Mar 1996, Nathan Neulinger wrote:
>
>> I've suggested a "Unauthenticate" menu option to netscape many times, but
>> it's not like they ever listen to users.
>>
>> -- Nathan
>
>This is a great idea. Anyone suggested this to Netscape and the
>others?
>
