[TriLUG] konqueror security
M. Mueller (bhu5nji)
bhu5nji at yahoo.com
Tue Feb 5 10:53:29 EST 2002
Has anyone else experienced using konqueror to access a secure website and
then been unable to logout of the site?
When I go to my webhost control website, I have to login. When I am
finished, I have to close the brower. That's lame, I know, but that's how it
is according to the webhost support team. With Mozilla this works fine.
With Konqueror I go right back to the secure area I left when I bring up a
new browser session and access the website again.
I tried turning off cache and purging cache. I killed all the cookies. I
rm'd ~/.kde/share/config/konq_history. I rm'd
~/.kde/share/konqueror/konq_history. Nothing worked to solve this problem.
To make matters worse, the Go-Most Often Visited menu seems impossible to
clean out. As a result, any one can click on the links in the list and go
straight the secure areas that cannot be logged out of. I grepped on the
strings displayed in the menu and never found anything. I did:
cd ~
grep -r "menu string here" ./*
Any ideas on how to clean out the the Go-Most Often Visited list?
I found that others on the web have discovered this trait in Konqueror and
described it as Konqueror refusing to release security resources. They also
discovered that by logging out, the security resources would be released,
thus forcing a login to the secure website. I checked out this report and
verified it as being true. The Go-Most Often Visited menu was not cleared.
This behavior is unsettling to me. If I use Konqueror on a machine that does
not belong to me to access my private accounts, I am left wondering if I can
eliminate remnants of information about my accounts from that machine. Until
I learn more, I will not use any machine that I cannot control 100% to access
private accounts. Is this a rational conclusion?
Mke M.
More information about the TriLUG
mailing list