« How To Make Free Phone Calls… | Home | How to Create a WordPress Theme in 5 Minutes Flat - Not! »
Signing out? Oh no you’re not…. My rant of the day!
By johne | November 19, 2008
If there’s one incredibly serious security flaw that I encounter all too often on very important and confidential sites, it’s the inexplicable and unforgiveable design feature wherein some idiot has programmed it so that when you click "sign out" or "log out", instead of doing it they come up with a "Please Confirm" box.
It doesn’t take much common sense to see that that is utterly stupid and nonsensical…
When I hit sign out I expect it to do it. No if’s no buts, just do it. Whether it’s a home machine, or worse still a work, or dare I say public - hotel or internet cafe - machine, this is a major security risk and a cardinal sin of programming.
It is far better to sign out, and then to have to sign in again if I made a mistake, than to leave me logged in so that somebody else could come back and reclaim the session. What proportion of "log out" clicks are erroneous anyway? The system should be "fail safe" - yet they put extra work in for themselves and everybody else because they’re too thick to see that it’s wrong!
And in case any bright spark says I should read the screens presented to me - I do - usually… but it’s all too easy to get distracted, and in any event connection or server problems can mean that the confirmation screen doesn’t appear immediately, and I say again - the system should be "fail safe"!
Topics: General |
Comments
You must be logged in to post a comment.
