|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Is disabling browser caching secure?
From: Pilon Mntry (pilonmntry
yahoo.com)
Date: Wed Apr 19 2006 - 00:54:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
For a shared-computing environment, disabling browser
cache (including ssl pages, which IE doesn't do by
default) should be helpful.
For a privately owned machine, again, it might be
helpful not to cache pages against spyware risk.
But, yes, a custom browser might easily by-pass such a
control (precaution).
That aside, a poisoned browser (malicious bho on IE,
for example, or an extension in FF) may store visited
pages even if its caching ability is disabled.
-pilon
--- smith.nortongmail.com wrote:
> Many articles on the net speaks of disabling browser
> caching.
>
> I don't feel its secure because even if a browser
> faithfully follows the protocol, a programmer might
> write a small browser of his own which caches all
> pages.
>
> What do others say?
>
>
-------------------------------------------------------------------------
> This List Sponsored by: SPI Dynamics
>
> ALERT: "How A Hacker Launches A Web Application
> Attack!"
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks
> with real-world
> examples of recent hacking methods such as: SQL
> Injection, Cross Site
> Scripting and Parameter Manipulation
>
>
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
>
--------------------------------------------------------------------------
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]