[TriLUG] konqueror security

M. Mueller (bhu5nji) bhu5nji at yahoo.com
Tue Feb 5 11:56:08 EST 2002


When I log out of KDE and log back in and access the secure web site, I am 
presented with the log-in dialog (as desired).

I agree with your point about the poor security authentication of the site, 
but the Mozilla work around is easier that the Konqueror workaround.  I'll be 
forwarding this conversation to the webhost provider so they can be made 
aware of the problem in more detail.

As it stands now, it seems safer to use Mozilla for secure websites.  In 
doing so, I lose the ability to click to email using KMail, and that's extra 
work for me.

Thanks,
Mike


On Tuesday 05 February 2002 11:35 am, you wrote:
> What happens, when you log out of KDE and log back in? If this fixes the
> problem, then it would appear that konqueror starts and stops with the
> loading/unloading of KDE, unlike mozilla. In which case, this is not a
> security bug in konqueror, but a security issue with the sites
> authentication design.
>
> On Tuesday 05 February 2002 10:53 am, you wrote:
> > Has anyone else experienced using konqueror to access a secure website
> > and then been unable to logout of the site?
> >
> > When I go to my webhost control website, I have to login.  When I am
> > finished, I have to close the brower.  That's lame, I know, but that's
> > how it is according to the webhost support team.  With Mozilla this works
> > fine. With Konqueror I go right back to the secure area I left when I
> > bring up a new browser session and access the website again.
> >
> > I tried turning off cache and purging cache.  I killed all the cookies. 
> > I rm'd ~/.kde/share/config/konq_history.  I rm'd
> > ~/.kde/share/konqueror/konq_history. Nothing worked to solve this
> > problem.
> >
> > To make matters worse, the Go-Most Often Visited menu seems impossible to
> > clean out.  As a result, any one can click on the links in the list and
> > go straight the secure areas that cannot be logged out of.  I grepped on
> > the strings displayed in the menu and never found anything.  I did:
> >
> > cd ~
> > grep -r "menu string here" ./*
> >
> > Any ideas on how to clean out the the Go-Most Often  Visited list?
> >
> > I found that others on the web have discovered this trait in Konqueror
> > and described it as Konqueror refusing to release security resources. 
> > They also discovered that by logging out, the security resources would be
> > released, thus forcing a login to the secure website.  I checked out this
> > report and verified it as being true.  The Go-Most Often Visited menu was
> > not cleared.
> >
> > This behavior is unsettling to me.  If I use Konqueror on a machine that
> > does not belong to me to access my private accounts, I am left wondering
> > if I can eliminate remnants of information about my accounts from that
> > machine.  Until I learn more, I will not use any machine that I cannot
> > control 100% to access private accounts.  Is this a rational conclusion?
> >
> > Mke M.
> > _______________________________________________
> > TriLUG mailing list
> > http://www.trilug.org/mailman/listinfo/trilug
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug



More information about the TriLUG mailing list