|
A quick question about invalidating
sessions:
Is there a way to detect whether a session is still
active without implementing some sort of login/logout scheme (i.e. is there some
way to invalidate a session without explicit input from the user, other than
simply letting it time out)?
Thanks,
James
|
This message has been 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken.
Sanitizer (start="1058992325"):
Forcing message to be multipart/mixed, to facilitate logging.
Writer (pos="1132"):
Part (pos="1181"):
Part (pos="200"):
SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Match (rule="8"):
ScanFile (file="/var/spool/filter/anomy/att-3f1ef0c5-MO3-unnamed.txt"):
Scan succeeded, file is clean.
Enforced policy: accept
Part (pos="645"):
SanitizeFile (filename="unnamed.html", mimetype="text/html"):
Match (rule="8"):
ScanFile (file="/var/spool/filter/anomy/att-3f1ef0c6-88E-unnamed.html"):
Scan succeeded, file is clean.
Enforced policy: accept
Note: Styles and layers give attackers many tools to fool the
user and common browsers interpret Javascript code found
within style definitions. References:
- http://www.securityfocus.com/bid/630
- http://archives.indenial.com/hypermail/bugtraq/2001/January2001/0512.html
Rewrote HTML tag: >>_STYLE_<<
as: >>_DEFANGED_STYLE_<<
Rewrote HTML tag: >>_/STYLE_<<
as: >>_/DEFANGED_STYLE_<<
Total modifications so far: 2
Anomy 0.0.0 : Sanitizer.pm
$Id: Sanitizer.pm,v 1.54 2002/02/15 16:59:07 bre Exp $
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
