
A Process for Resetting Proxy Authorization Values that are Automatically Cached by Web Browsers Developed for Pervasive Computing Devices

IP.com Disclosure Number: IPCOM000123382D
Original Publication Date: 1998-Oct-01
Included in the Prior Art Database: 2005-Apr-04
Document File: 2 page(s) / 99K

Publishing Venue

IBM

Related People

Barrett, R: AUTHOR [+5]

Abstract

One problem that exists for web browsers such as Pocket Internet Explorer that are developed for pervasive computing devices such as the Philips VELO is that they cache authentication information (i.e. username and password values). When attempting to access a web page that requires authentication, the web browser is sent a challenge (i.e., response code 407) which results in the need for the user to enter a login name and password. Once the login name and password are entered, the user is authenticated and thus may access the web pages that required authentication. On browsers that execute on workstations (e.g. vanilla Internet Explorer) the browser deletes this authentication information when it is exited.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 51% of the total text.


   One problem that exists for web browsers such as Pocket
Internet Explorer that are developed for pervasive computing devices
such as the Philips VELO is that they cache authentication
information (i.e. username and password values).  When attempting to
access a web page that requires authentication, the web browser is
sent a challenge (i.e., response code 407) which results in the need
for the user to enter a login name and password.  Once the login name
and password are entered, the user is authenticated and thus may
access the web pages that required authentication.  On browsers that
execute on workstations (e.g. vanilla Internet Explorer) the browser
deletes this authentication information when it is exited.  Thus, the
user's authentication has been safely deleted and the browser on the
workstation may be used by another user without this new user having
access to pages for which the previous user was authenticated.

   Some web browsers such as Pocket Internet Explorer that
are developed for pervasive computing devices assume that it is safe
to cache authentication information.  Thus, even if the browser is
exited and the pervasive computing device is disconnected and turned
off, the browser continues to cache the user's login and password.
Furthermore, the browser uses this information to automatically
respond to web server challenges (i.e., 407 responses) *without*
consulting the user, and therefore does not give the user the
opportunity to enter a different user login and password.  In fact,
only if the browser's automatic response to a challenge fails will
the user be given the opportunity to directly enter a new user login
and password.  This behavior has two important ramifications.  First,
if the user wishes to let another user borrow his pervasive
computing device, the new user cannot enter his/her own login and
password unless a web page is found for which the first user's login
and password are challenged and not accepted, thus forcing the
browser to give the new user an opportunity to enter a login and
password.  Second, sinc...
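
The caching behaviour described above can be modelled in a few lines. This is an added example, not code from the disclosure: the class names, the sample accounts and the `/reset` path (an endpoint that rejects every credential, standing in for "a web page ... challenged and not accepted") are assumptions made for illustration.

```python
import base64

def basic(user, pw):
    """Build a Basic Proxy-Authorization value."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

class Proxy:
    """Toy authenticating proxy: 407 unless the credentials are valid."""
    def __init__(self, users, reset_path="/reset"):  # reset_path is hypothetical
        self.users, self.reset_path = users, reset_path

    def handle(self, path, auth=None):
        """Return (status, authenticated_user). The reset path never accepts."""
        if path != self.reset_path and auth and auth.startswith("Basic "):
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            if self.users.get(user) == pw:
                return 200, user
        return 407, None

class Browser:
    """Answers 407 from its cache first; prompts only if that fails."""
    def __init__(self, clear_on_exit):
        self.clear_on_exit = clear_on_exit  # True: workstation, False: pervasive device
        self.cached = None
        self.prompts = 0

    def exit(self):
        if self.clear_on_exit:
            self.cached = None

    def get(self, proxy, path, typed=None):
        """typed: (user, pw) entered if a prompt appears; None = prompt cancelled."""
        status, user = proxy.handle(path, self.cached)
        if status == 407:            # no cached value, or it was rejected
            self.cached = None       # a rejected value is dropped
            self.prompts += 1
            if typed:
                auth = basic(*typed)
                status, user = proxy.handle(path, auth)
                if status == 200:
                    self.cached = auth   # cache only accepted credentials
        return status, user

def scenario(clear_on_exit, visit_reset):
    """First user logs in, exits, hands over; return (who the proxy sees, prompts shown)."""
    proxy = Proxy({"alice": "a-pw", "bob": "b-pw"})  # constructed sample accounts
    b = Browser(clear_on_exit)
    b.get(proxy, "/page", typed=("alice", "a-pw"))
    b.exit()
    if visit_reset:
        b.get(proxy, "/reset")       # cached value rejected, prompt cancelled
    before = b.prompts
    _, user = b.get(proxy, "/page", typed=("bob", "b-pw"))
    return user, b.prompts - before
```

`scenario(False, False)` shows the exposure: the second user's request is authenticated as the first user with no prompt, while clearing on exit or visiting the always-rejecting page makes the browser prompt again.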