Obsolete Releases > SME 8.x Contribs
Pydio not logging out
Daniel B.:
--- Quote from: peterking on April 04, 2016, 10:05:23 AM ---The problem:
user1 accesses smeserver/pydio for their shared directories, however they cannot log out. When user2 on a different machine tries to access Pydio they are actually shown the same screen that user1 cannot log out from!
--- End quote ---
Absolutely not (or this would indeed be a big security concern). The session is linked to the browser. There's no way you can get the previous session on a different machine. When using basic auth, there's only one way to end the session: close the browser. The disconnect button which doesn't work was just redirecting the user to an arbitrary page. It had no security purpose.
peterking:
Hi Daniel,
Thanks for the speedy reply.
I will check my testing and try again but I am sure that is what I saw. I am using Virtualbox for my test server and using different Vmachines and browsers to test.
You mention basic authentication being an issue. Does this mean we can use a better form of authentication that ensures a users can log out terminates the session and prevents the problem?
Thanks
Peter
Daniel B.:
--- Quote from: peterking on April 04, 2016, 10:17:03 AM ---You mention basic authentication being an issue. Does this mean we can use a better form of authentication that ensures a users can log out terminates the session and prevents the problem?
--- End quote ---
I don't consider this as an issue, it's the way it works. It's not a problem as long as you are aware of it. There are other ways to auth (against LDAP for example), but it's a lot harder to configure, because you'll have to do it by hand
peterking:
Daniel,
With all due respect. That is your opinion.
The introduction states: 'Koozali SME Server is a complete, secure, stable and versatile'
If smeserver is designed for business use, security should be the first priority.
I think smeserver is a great solution with a strong community. I would like to believe I can get around this problem.
The majority of file sharing solutions would not be in business very long if they took the same view.
What do the other members say?
best wishes,
Peter
Daniel B.:
--- Quote from: peterking on April 04, 2016, 10:26:49 AM ---The introduction states: 'Koozali SME Server is a complete, secure, stable and versatile'
If smeserver is designed for business use, security should be the first priority.
--- End quote ---
And security is a top priority for me. I just don't consider basic auth a security issue, as long as you are aware that you must close your browser to end the session.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version