[Dshield] A few issues at the DShield site…
Johannes B. Ullrich
jullrich at sans.org
Thu Aug 10 16:47:35 GMT 2006
I worked on the 'remember me' function this morning and I think I found
a stupid error with the cookie. See if it's better now.
Peter Stendahl-Juvonen wrote:
> Valdis et al.
> Thanks for prompt reply.
> Please find elaboration (on one of the DShield challenges) below your post.
> 8.8.2006 17:32 (UTC+3), Valdis.Kletnieks at vt.edu kirjoitti/wrote:
>>> On Tue, 08 Aug 2006 00:25:11 +0300, Peter Stendahl-Juvonen said:
>>>> *The 'Remember me' option does not function* . :-(
>>>> Only once, when leaving the DShield site and returning before closing
>>>> Firefox (18.104.22.168 FI), did I manage to avoid the redundant re-login
>>> This is quite often the result of a cookie blocker. Are you accepting
>>> cookies from the DShield site?
> 1) Yes, am accepting cookies from the DShield site. :-D
> 2) I have also turned in the browser's settings the wiping of the
> cookies off at close of browser (exit, un-launch).
> 3) For the purpose, use instead a browser extension doing the erase of
> *unprotected* cookies at start-up (launch) of the browser.
> Please, however note, that I have set the DShield auto-login cookie as a
> 'Protect[ed] cookie', which means the DShield auto-login cookie will
> stay as it is in the browser cache, until the respective (DShield in
> this case) site alters the content of the cookie.
> 4) Also have classified the auto-login cookie (set by the DShield site
> into my browser's cache) as 'Protect cookie' in the privacy tool I use.
> Therefore, the privacy tool does *not* erase, i.e. wipe its contents
> beyond recovery, scramble its name and dates and finally remove it from
> Thanks anyway for checking. :-)
> 5) Please, also accept apology for the disinformation regarding the "one
> time automatic successful re-login" as it was unluckily clearly just
> disinformation and factually never happened, as I clarified in another
> post [8.8.2006 19:37 (UTC+3)] to this list:
> (START QUOTE)
> Being able to get back into the authenticated http connection was due to
> using the Internet browser's 'return to previous page' function.
> If and when attempting to return to the DShield site by targeting for,
> e.g. URL https://secure.dshield.org/myreports.php does not invoke an
> authenticated http connection (with the help of the auto-login cookie in
> browser cache). The DShield server changes the previously valid content
> of the cookie to contain the text string "invalid" (without the quotes)
> as soon as attempting authentication by means of the auto-login cookie.
> Unluckily, the malfunction of the 'Remember me' feature causes multiple,
> redundant logins. :-(
> Nevertheless, please consider removing the 'Remember me' feature, if it
> cannot be fixed (by obtainable means).
> Not having the malfunctioning 'Remember me' feature available would save
> one hand movement as well as a tick in the box (in the 'Remember me'
> fill in form). :-)
> Thanks in advance for fixing the bug (or removing of the broken feature).
> (END OF CITATION)
> BTW, *the DShield site is the one and only site*, where I experience
> *issues with automated login*.
> Therefore, the question remains;
> *does the DShield auto-login feature work properly for someone*?
> What Internet browser do you use?
> Does the DShield auto-login feature work *frequently* properly
> for someone?
> Thanks in advance for any pointers.
> - Pete
> "Absence of proof is not proof of absence."
> Carl Sagan (1934-1996); US astronomer.
Johannes Ullrich jullrich at sans.org
Chief Research Officer (617) 639 5000
PGP Key: https://secure.dshield.org/PGPKEYS
"We use [isc.sans.org] every day to keep on top of
security at our bank" Matt, Network Administrator.