|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Is disabling browser caching secure?
From: Rogan Dawes (discard
dawes.za.net)
Date: Wed Apr 19 2006 - 00:22:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
smith.nortongmail.com wrote:
> Many articles on the net speaks of disabling browser caching.
>
> I don't feel its secure because even if a browser faithfully follows the protocol, a programmer might write a small browser of his own which caches all pages.
>
> What do others say?
>
Patient: Doctor, Doctor, it hurts when I do *THIS*!
Doctor: Well, don't DO that!
App designers cannot be held responsible for non-compliant client
software. All they can do is a best effort, since they do not have
control over what the client uses (in most cases, corporate standards aside)
If a programmer wants to write a custom browser that ignores cache
control instructions, then he should be aware of the consequences.
Similarly a user, should they choose to use a non-standard (not widely
used, anyway) piece of software without understanding the implications,
is responsible for the consequences.
Rogan
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]