Good morning Joe, Wayne and any other moderators
I would like to highlight to you and anyone else that might be unaware of a potential flaw in private/sensitive information security on this site.
As pointed out by Joe a few months back, if you end your session on ASF by clicking the X in the top right-hand corner of your IE browser, you are not actually logged off from your ASF session, as your session is still open in the background and your user name still appears on the online users list and is visible to others.
If you reconnect to the ASF site within a certain period after ending the previous session by clicking the 'X' and not the logout button, you will see that your previous session is still open and active as it was originally.
This, imo, has the following obvious (to me at least) potential security flaws:
1) Where chatters use PCs/laptops etc. to which multiple users have access, there is a possibility that another user could connect to the ASF site after a previous user had ended their ASF session by clicking the 'X' and 'pretend' to be the original account owner... but I suppose there is no way for anyone to know exactly who is sitting at a chatter's keyboard at any particular time anyway.
2) Private and sensitive information in PMs could then also be viewed by these 'other users', which might not be in the interests of the sender of the PMs... this is a much more serious potential risk imo.
Personally I think it is ludicrous to send private information to complete strangers in PMs, but I suppose some might inadvertently do it without realising the potential risks involved.
Other reputable sites automatically end the users' sessions and log them off if they click the browser's 'X' for obvious security reasons and so I imagine this site has the same option for the administrators to enable if they choose.
The above doesn't concern me personally because, as I said, I don't send personal information via PMs, but others might not be aware of the potential risks on this site.
It might be worth considering enabling ending user sessions after clicking the 'X' if it is possible... but that is totally your call.
Just some food for thought