[1270] in WWW Security List Archive
Re: caching protected documents
daemon@ATHENA.MIT.EDU (Pitt Crandlemire)
Tue Dec 19 01:51:08 1995
Date: Mon, 18 Dec 1995 23:03:29 -0500
To: www-security@ns2.rutgers.edu
From: pittc@syncon.com (Pitt Crandlemire)
Errors-To: owner-www-security@ns2.rutgers.edu
jet@abulafia.genmagic.com (J. Eric Townsend) wrote:
>I'd call this a bug, in that the protected document is stored in a
>cache on disk. This could be really unfunny in a kiosk or other
>public terminal situation.
True but all cache settings are completely user configurable, including
setting no cache at all. Thus, Netscape satisfactorily addresses security
in that they make a secure option available and leave it to the end user to
determine the level of security necessary for their environment.
A preferred option, however, would be one that allows the use of a cache to
avoid performance degradation but automatically wipes the cache on some
pre-determined event. Say, when Netscape shuts down or after a certain
period of time (minutes, hours) or when a new domain is accessed.
-Pitt Crandlemire
pittc@syncon.com
