I am helping to fix the scalability of a web app. While digging through the code looking for the problem spots, I saw a piece of code and a comment saying:
# One common problem with login is that people can hit the back button
# after a user logs out and relogin by using the cached password in
# the browser. We generate a unique hashed timestamp so that users
# cannot use the back button.
Wow, that is an amazing feature! But it clearly shows the previous developer did not understand the framework he/she was working on. The framework provided for the login page to time out; I guess this feature doesn't exist anymore, along with the other security features, since he/she heavily changed it and erased the code that secured the login page.
Hopefully I don't become a developer who looks at a wheel, is unable to understand it, and creates my own wheel, which is square.
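For readers who want to see what the quoted comment is actually describing, here is an added illustration (not the app's or the framework's code): a server-issued single-use login form token, built from a random nonce and an issue timestamp under an HMAC, that is consumed on first use, so a form replayed from the browser cache is rejected. The secret, the in-memory store and the TTL are constructed for the example; note it only blocks a replayed form submission, it does nothing about a session that was never invalidated on logout, which is the part the framework handled.

```python
import hashlib
import hmac
import secrets
import time


class LoginTokenStore:
    """Server-side registry of single-use login form tokens (constructed example)."""

    def __init__(self, secret: bytes, ttl_seconds: int = 300):
        self._secret = secret          # HMAC key; in practice comes from config, not code
        self._ttl = ttl_seconds        # how long an issued form stays submittable
        self._issued = {}              # token -> issue time; in-memory stand-in for a real store

    def issue(self, now=None) -> str:
        """Mint a token to embed in one rendering of the login form."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        msg = f"{nonce}:{int(now)}".encode()
        # The HMAC binds nonce and timestamp so a client cannot mint its own token;
        # the store, not the MAC, decides whether the token is still unused.
        mac = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        token = f"{nonce}:{int(now)}:{mac}"
        self._issued[token] = now
        return token

    def consume(self, token: str, now=None) -> bool:
        """Accept the token exactly once; replays, forgeries and stale tokens fail."""
        now = time.time() if now is None else now
        try:
            nonce, ts, mac = token.split(":")
        except ValueError:
            return False                                   # malformed
        expected = hmac.new(self._secret, f"{nonce}:{ts}".encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return False                                   # forged or tampered
        issued_at = self._issued.pop(token, None)          # remove on first sight
        if issued_at is None:
            return False                                   # unknown, or a replay (back button)
        if now - issued_at > self._ttl:
            return False                                   # form left open too long
        return True


def handle_login(store: LoginTokenStore, form_token: str, password_ok: bool, now=None) -> str:
    """Check the form token before even looking at the credentials."""
    if not store.consume(form_token, now=now):
        return "rejected: stale or reused login form"
    return "logged in" if password_ok else "rejected: bad credentials"
```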