The login authentication is cached so that once you log in, the pages are
accesible for around 20 minutes (by default) I think this is more of a web
server concern than a ColdFusion issue.
-----Original Message-----
From: Jennifer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 12, 2000 2:56 PM
To: [EMAIL PROTECTED]
Subject: 4.5.1 administrator security
I just noticed something that I think is bad, so I hope somebody has found
a setting for this. Since the client uninstalled 4.0 to install 4.5.1 for
Solaris, some of our settings (particularly the debugging settings) were
lost. I can get to the administrator remotely, so I logged in to add the
debugging settings. 20 minutes later (or maybe longer), I had to go back to
the administrator to check a setting, so in a different window of the same
browser program, I went to the administrator address again (by selecting
the bookmark). When I went to the address, I was automatically logged in. I
closed the window, opened a new window and tried again to make sure that I
had really done that the first time. The same thing happened. So I exited
the browser and reopened it. When I tried to go to the administrator, I had
to login.
I don't want to have anybody with access to my browser being able to change
things in the administrator because I haven't closed it recently enough. I
have looked for a setting to turn this off, but I haven't found one. I'm
not suspecting that anyone around here would start changing the server
settings through my browser, but I would prefer that they were unable to.
----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
