You have to ask what "safe logout" really means. We hear a lot about "secure login", and we go to great lengths to make sure the connection is secure. You log in to key applications from various devices and then log off, firmly believing that you have left the application and that nobody can get at your account. Be ready to face the evil! Today's advanced browsers try to give you a seamless experience, and while building that smooth experience they sometimes compromise on security. When you keep several browser tabs open, simply logging off from one application's tab may not be enough, because even if the browser is closed completely it can keep the cookie state and let you return to your original session. Sometimes just coming back to the page you visited takes you straight to the place where you logged off.
So how do you ensure that logging off really means nobody can get to your session? The simple and effective way is to make sure that the session cookie for the application is invalidated once you press the logoff button. On NetScaler, when the TM-AAA feature is used for authentication, NetScaler sets the NSC_TMAA cookie, and if you are working with a secure site there is an extra cookie, NSC_TMAS. If you invalidate these cookies successfully during the logoff event, and the client browser honours the invalidation, then you can be assured that your old session can no longer be accessed. These cookies are set for the authentication domain on NetScaler, so any other application that is part of the same authentication domain via NetScaler will be affected as well. The key here is to set an expiry date in the past, which ensures that the client expires these cookies as soon as it looks at the expiry date.
A sample configuration for OWA 2010 that works this magic:
- add rewrite action owa2010_invalidate_tmas_cookie_act insert_http_header Set-Cookie "\"NSC_TMAS=xyz; Domain=yourdomain.com; Path=/; expires=Wednesday, 09-Nov-1999 23:12:40 GMT; Secure\""
- add rewrite action owa2010_invalidate_tmaa_cookie_act insert_http_header Set-Cookie "\"NSC_TMAA=xyz; Domain=yourdomain.com; Path=/; expires=Wednesday, 09-Nov-1999 23:12:40 GMT; Secure\""
- add rewrite policy owa2010_invalidate_tmas_cookie_pol "HTTP.REQ.URL.CONTAINS(\"owa/auth/logoff.aspx?Cmd=logoff&src=exp\")" owa2010_invalidate_tmas_cookie_act
- add rewrite policy owa2010_invalidate_tmaa_cookie_pol "HTTP.REQ.URL.CONTAINS(\"owa/auth/logoff.aspx?Cmd=logoff&src=exp\")" owa2010_invalidate_tmaa_cookie_act
- bind lb vserver owa2010 -policyName owa2010_invalidate_tmas_cookie_pol -priority 0 -gotoPriorityExpression 100 -type RESPONSE
- bind lb vserver owa2010 -policyName owa2010_invalidate_tmaa_cookie_pol -priority 100 -gotoPriorityExpression END -type RESPONSE
While binding these policies, make sure you do not have any other policies bound with the same priority at the given bind point. This approach has been validated internally, but you must still make sure that it works for your application deployment. The policies here are designed with OWA server applications in mind; if you want this configuration to be effective for other applications, make sure to change the policies to match the correct logoff URL.
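The check a practitioner wants after deploying this is whether the logoff response actually tells the browser to drop both cookies. The following Python is an added example, not NetScaler or Citrix code: it builds the kind of expiring Set-Cookie header the rewrite actions above emit and checks a captured logoff response for it. The response headers are constructed, and the function names are this example's own.

```python
"""Check that a logout response really invalidates the NetScaler TM-AAA session
cookies (NSC_TMAA / NSC_TMAS) as the rewrite policies above intend. Added example,
not NetScaler or Citrix code; headers below are constructed, helper names are mine."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SESSION_COOKIES = ("NSC_TMAA", "NSC_TMAS")

def expiring_set_cookie(name, domain):
    """Set-Cookie value that makes the browser discard `name`: same technique as
    the rewrite actions, an expiry date in the past (the epoch here)."""
    return f"{name}=xyz; Domain={domain}; Path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; Secure"

def parse_set_cookie(header):
    """Split 'NAME=value; Attr=val; Flag' into (NAME, {attr_lower: val})."""
    first, *attrs = [part.strip() for part in header.split(";")]
    parsed = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        parsed[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], parsed

def invalidated_session_cookies(set_cookie_headers, now=None):
    """Names of TM-AAA session cookies these headers expire at or before `now`
    (Max-Age=0 counts too); anything else the browser will keep sending."""
    now = now or datetime.now(timezone.utc)
    dropped = set()
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name not in SESSION_COOKIES:
            continue
        if attrs.get("max-age") == "0":
            dropped.add(name)
        elif "expires" in attrs:
            try:
                if parsedate_to_datetime(attrs["expires"]) <= now:
                    dropped.add(name)
            except (TypeError, ValueError):
                pass  # unparseable or naive date: do not assume the browser drops it
    return dropped

def logout_is_clean(set_cookie_headers, now=None):
    """True only when the response invalidates both session cookies."""
    return invalidated_session_cookies(set_cookie_headers, now) == set(SESSION_COOKIES)

# Constructed logout responses: one correct, one that leaves NSC_TMAS usable.
GOOD_LOGOUT = [expiring_set_cookie(c, "yourdomain.com") for c in SESSION_COOKIES]
BAD_LOGOUT = [expiring_set_cookie("NSC_TMAA", "yourdomain.com"),
              "NSC_TMAS=abc; Domain=yourdomain.com; Path=/; Secure"]
```

Feed `logout_is_clean` the Set-Cookie headers captured from a real logoff response to confirm the rewrite policies fired for both cookies.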
A simple and effective solution to ensure application security