|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Is disabling browser caching secure?
From: Kyle Maxwell (krmaxwell
gmail.com)
Date: Wed Apr 19 2006 - 16:07:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 18 Apr 2006 15:59:46 -0000, smith.nortongmail.com
<smith.nortongmail.com> wrote:
> Many articles on the net speaks of disabling browser caching.
>
> I don't feel its secure because even if a browser faithfully follows the protocol, a programmer might write a small browser of his own which caches all pages.
>
> What do others say?
Security is relative and has to take into account the threat.
Specifically, are you just trying to prevent a user's personal data
from being cached on a shared computer? Then you'll take a giant step
by disabling browser caching. If you're trying to prevent a different
threat, then you need to account properly for that.
What you're trying to do is reduce the risk; sheer elimination is
frequently impossible or at least infeasible. In other words, raise
the bar for a successful attack given the value of the data you're
protecting and the resources you have available to do so.
--
Kyle Maxwell
http://caffeinatedsecurity.com
[krmaxwellgmail.com]
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]