[3616] in WWW Security List Archive
CGI Security
daemon@ATHENA.MIT.EDU (Saeid Parivash)
Sat Nov 23 01:15:01 1996
From: "Saeid Parivash" <PARIVASH@cc1.unt.edu>
To: www-security@ns2.rutgers.edu
Date: Fri, 22 Nov 1996 20:33:01 CST
Errors-To: owner-www-security@ns2.rutgers.edu
First i would like to thank everyone that responded to my message.
(ie. using the "pragma" tag with "no-cache"; it works great.)
However, i am wondering if this is possible:
I have written a CGI application in C that creates 2 documents with
"pragma" tag set to "no-cache" (method "POST") on both document.
First document asks the user to enter an ID and PIN#. When the user
submits the document, a document (2nd doc) is created, which displays
specific info. based on ID and PIN#. Now, if the user clicks the back
button on their browser, it will take him back to the 1st document,
and the user must click on the "reload button" (ie. "pragma" tag "no-
cache") to display the 1st doc. with ID and PIN# field set to blank.
Now, the user clicks the forward button on their browser, which than
takes him to the 2nd document. At this point the user must click on
the reload button(ie. "pragma" tag "no-cache") to display the 2nd doc.
that contains specific info. based on the ID and PIN#.
Question:
1. Is it possible to ask the user for ID and PIN# again, when
the user clicks on the reload button to redisplay the 2nd
document or somehow authenticate the user before redisplaying
the 2nd document?
2. Is it possible to kill a navigator through a CGI?
Any help would be appreciated.
Thanks in advance
Saeid
