[isf-wifidog] immediate user disconnect feature

Wichert Akkerman wichert at wiggy.net
Lun 28 Avr 13:55:22 EDT 2008

Previously acv wrote:
> 	How about protecting this callback with the auth code that protects
> the status? Also, the status could maybe add a "disconnect" button for every
> connection?

The thought had occured to me. The reason I did not do that is that it
complicates the protocol a bit while was not sure that is really needed.

Haven given this a bit more thought I can see that this is useful: if
the auth server uses http instead of https (which I would expect to be a
common scenario) an attacker can sniff the token and logout the user
even after we have secured the status page.

I'll code the http authentication change tomorrow when I'm back at work.


Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

Plus d'informations sur la liste de diffusion WiFiDog