[1733] in WWW Security List Archive
Re: User Auth.
daemon@ATHENA.MIT.EDU (Brian W. Spolarich)
Wed Mar 27 01:05:15 1996
Date: Tue, 26 Mar 1996 20:35:27 -0500 (EST)
From: "Brian W. Spolarich" <briansp@ans.net>
To: Nathan Neulinger <nneul@umr.edu>
cc: "S.W. Cheung" <swcheung@hkimd.cig.mot.com>, www-security@ns2.rutgers.edu
In-Reply-To: <v02130501ad7db80d4646@[131.151.253.33]>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 26 Mar 1996, Nathan Neulinger wrote:
> Unfortunately, all the browsers seem to have the buttheaderd notion that
> you'd never want to do this... Makes them completely unsuitable for a
> shared lab environment.
>
> I've suggested a "Unauthenticate" menu option to netscape many times, but
> it's not like they ever listen to users.
Annoyingly, you can't even view the hostname/realm/username sets to see
what "tickets" you currently have cached in the browser. Considering the
amount of use HTTP Basic authentication current has (and the lack of a
well-implemented or ubiquitous alternative), you'd think the various
clients would support this a bit more robustly.
Perhaps if we all sent them mail they'd listen? :-] How hard can it be
to display to the user a report of the authentication data, and a button to
destroy the cache? This isn't rocket science.
-brian
--
Brian W. Spolarich - ANS CO+RE Systems - briansp@ans.net - (313)677-7311
We're Starfleet officers...wierd is part of the job.
