[3447] in WWW Security List Archive
CGI Security
daemon@ATHENA.MIT.EDU (Saeid Parivash)
Mon Nov 4 13:30:56 1996
From: "Saeid Parivash" <PARIVASH@cc1.unt.edu>
To: www-security@ns2.rutgers.edu
Date: Mon, 4 Nov 1996 10:10:11 CST
Errors-To: owner-www-security@ns2.rutgers.edu
Hello everyone,

I have written a CGI application in C, which creates a document. The
user is then asked to input their ID and PIN #. The user then submits
the document (method "POST"), and gets some information back.

There is a security problem with the above CGI application. What if
the user is in the lab, and does not close his navigator? Someone
can come along and click on the "back button" on their browser, and
find out the user ID and PIN #.

What can I do so that the document is not cached, or to make the
document expire from the cache? So if a user does click on the back
button on their browser, it will not show the document with the ID
and PIN #.

Any help would be appreciated.

Thanks in advance,
Saeid.
PARIVASH
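
The response headers this question is asking about, as an added example that is not part of the original post: a C CGI response marked as non-cacheable, plus a check that the directive really sits in the header block. The function names and the sample body are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Added example; build_sensitive_response and has_no_store are hypothetical names. */

/* Build a CGI response whose headers forbid caching. Cache-Control is
 * HTTP/1.1; Pragma and a past Expires date cover HTTP/1.0 caches.
 * Returns bytes written, or -1 if out is too small. */
int build_sensitive_response(char *out, size_t outlen, const char *html_body)
{
    int n = snprintf(out, outlen,
        "Content-Type: text/html\r\n"
        "Cache-Control: no-store, no-cache, must-revalidate\r\n"
        "Pragma: no-cache\r\n"
        "Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n"
        "\r\n%s", html_body);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Return 1 if the header block (everything before the first blank line)
 * has a Cache-Control header containing the no-store directive. */
int has_no_store(const char *resp)
{
    static const char name[] = "cache-control:";
    const char *line = resp;
    while (*line && strncmp(line, "\r\n", 2) != 0) {   /* stop at blank line */
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= sizeof name - 1 &&
            strncasecmp(line, name, sizeof name - 1) == 0) {
            for (size_t i = sizeof name - 1; i + 8 <= len; i++)
                if (strncasecmp(line + i, "no-store", 8) == 0)
                    return 1;
        }
        if (!eol) break;
        line = eol + 2;
    }
    return 0;
}

int main(void)
{
    char buf[512];
    /* Constructed body: the result page does not echo the ID or PIN back. */
    int n = build_sensitive_response(buf, sizeof buf,
        "<html><body>Account information here</body></html>\n");
    if (n < 0 || !has_no_store(buf)) return 1;
    fwrite(buf, 1, (size_t)n, stdout);
    return 0;
}
```

The same headers belong on the page that carries the ID and PIN form as well as on the result page, since either one can be the document the back button returns to.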