Potential Security Flaw


One of my group members just found a security issue. 


1) Log in to my groupsite without checking "remember me" (My groupsite is by invitation only, so you must log in)


2) Close all browser windows.


3) Open a new browser window and point it to my site; it goes directly in without prompting for login.


A login screen should be presented to users. This causes a serious security issue for those using CollectiveX on a shared computer.


 

1 Reply

Doug,


This isn't a security flaw in our system, but it is the nature of using a service over the Internet and web browsers. Log into your Yahoo! mail, close the window (but not your browser session), open a new window and you will see the same thing occur.


The reason is that closing your browser windows isn't the same as shutting down the browser. The user has not ended their browsing session, and the browser uses cookies that are specific to the user, which are then stored on the computer.


The proper way to end your log-in session with Groupsite.com is to close your browser or to choose "Logout" in the top right-hand corner of your Groupsite. The "Remember me" option is used when you want Groupsite.com to remember your session even after quitting your web browser or logging out.


On a shared computer, users should take extra care to log out or quit the browser when finished using the Groupsite. This ensures that their session has been closed.
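The cookie lifetimes behind the behaviour discussed in this thread, as an added example that is not part of the original posts and is not Groupsite's code: a login without "Remember me" sets a cookie with no `Max-Age`/`Expires` (a session cookie), "Remember me" sets a persistent one, and "Logout" expires it. The cookie name `gs_session`, the 14-day lifetime and the function names are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

COOKIE_NAME = "gs_session"         # hypothetical name, not Groupsite's real cookie
REMEMBER_SECONDS = 14 * 24 * 3600  # assumed "Remember me" lifetime

def _morsel(value):
    jar = SimpleCookie()
    jar[COOKIE_NAME] = value
    m = jar[COOKIE_NAME]
    m["path"] = "/"
    m["secure"] = True
    m["httponly"] = True
    return m

def login_cookie(token, remember_me):
    """Set-Cookie value sent after a successful login."""
    m = _morsel(token)
    if remember_me:
        m["max-age"] = REMEMBER_SECONDS  # persistent: survives quitting the browser
    # No Max-Age/Expires otherwise: a session cookie, kept until the browser
    # session ends, so every window of that session shares it.
    return m.OutputString()

def logout_cookie():
    """Set-Cookie value sent by the "Logout" link: expire the cookie at once."""
    m = _morsel("deleted")
    m["max-age"] = 0
    return m.OutputString()

def classify(set_cookie, now=None):
    """Return 'session', 'persistent' or 'deleted' for one Set-Cookie value."""
    now = now or datetime.now(timezone.utc)
    jar = SimpleCookie()
    jar.load(set_cookie)
    m = next(iter(jar.values()))
    if m["max-age"] != "":               # Max-Age takes precedence over Expires
        return "persistent" if int(m["max-age"]) > 0 else "deleted"
    if m["expires"]:
        return "persistent" if parsedate_to_datetime(m["expires"]) > now else "deleted"
    return "session"

if __name__ == "__main__":
    # Constructed sample token; prints the three cases side by side.
    for label, header in [("login", login_cookie("tok123", False)),
                          ("login + remember me", login_cookie("tok123", True)),
                          ("logout", logout_cookie())]:
        print(f"{label:20} {classify(header):10} {header}")
```

Expiring the cookie only clears the browser's copy; the server should also invalidate the session record when "Logout" is chosen.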


 

Doug Golden
about 16 years ago