Your message dated Fri, 22 Jul 2005 10:14:56 +0200
with message-id <[EMAIL PROTECTED]>
and subject line sql-ledger: Logout does not properly terminate a session
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Jul 2005 13:11:25 +0000
From: William McKee <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: sql-ledger: Logout does not properly terminate a session
X-Mailer: reportbug 3.8
Date: Tue, 12 Jul 2005 09:11:20 -0400

Package: sql-ledger
Version: 2.4.7-2
Severity: grave
Justification: user security hole


Using the Logout option on the menu takes the user back to the login screen.
However, the session is still active, which means anyone else may walk up to the
system and use the History or the Back button of the browser to access all
account information for the previously logged-in user. This is not a big deal
within a small intranet but poses a security risk on an internet-accessible
server.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages sql-ledger depends on:
ii  apache2-mpm-prefork [httpd]   2.0.54-4   traditional model for Apache2
ii  libdbd-pg-perl                1.41-3     a PostgreSQL interface for Perl 5 
ii  perl                          5.8.4-8    Larry Wall's Practical Extraction 
ii  perl-dummy [perl]             1.0        Custom compiled Perl 5.8.2. This d

-- no debconf information
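
Added example, not sql-ledger code and not part of the original report: a small model for triaging a report like this one, separating a session that stays valid on the server after Logout from a page the browser merely redisplays from its cache or history. The SessionStore class, the /login path and the session cookie name are hypothetical.

```python
import secrets


class SessionStore:
    """Hypothetical server-side session table: token -> username."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = user
        return token

    def logout_redirect_only(self, token):
        # Weak form: the browser is sent to the login screen, but the
        # server-side session entry is left in place.
        return "302 Found", [("Location", "/login")]

    def logout(self, token):
        # Hardened form: destroy the server-side session first, then
        # expire the cookie and redirect.
        self._sessions.pop(token, None)
        return "302 Found", [
            ("Location", "/login"),
            ("Set-Cookie", "session=; Max-Age=0; Path=/; HttpOnly"),
        ]

    def account_page(self, token):
        user = self._sessions.get(token)
        if user is None:
            return "302 Found", [("Location", "/login")], ""
        # no-store keeps the page out of the browser cache, so Back or
        # History has to re-request it, and that request is checked above.
        return "200 OK", [("Cache-Control", "no-store")], f"accounts for {user}"


def replay_after_logout(logout_method):
    """Log in, log out with the named method, then re-send the old token."""
    store = SessionStore()
    token = store.login("alice")  # constructed sample user
    getattr(store, logout_method)(token)
    status, headers, _body = store.account_page(token)
    return status, dict(headers)
```

If the old token still returns 200 after Logout, the session was never terminated on the server; if it is redirected to the login screen but the Back button still shows data, the browser is replaying a cached copy.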

---------------------------------------
Received: (at 317925-done) by bugs.debian.org; 22 Jul 2005 08:15:05 +0000
To: [EMAIL PROTECTED]
Subject: Re: sql-ledger: Logout does not properly terminate a session
From: Petter Reinholdtsen <[EMAIL PROTECTED]>
Date: Fri, 22 Jul 2005 10:14:56 +0200


[William McKee]
> Currently my version is functioning as expected so you can close
> this ticket.

OK.  Closing this bug, as it must have been some user or browser
hiccup.

> I'll try to track it down further if I can reproduce this behavior.

Thank you.

