[1275] in WWW Security List Archive
Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
daemon@ATHENA.MIT.EDU (Wolfram Schmidt)
Tue Dec 19 13:37:00 1995
Date: Tue, 19 Dec 1995 16:14:32 +0100
From: Wolfram Schmidt <Wolfram.Schmidt@iao.fhg.de>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
] I think you're getting the disk cache confused with Netscape's
] authentication. Your demonstration page will not work correctly if
] you flush the disk cache before attempting it.
]
] I don't have 2.0b3, so I can't try the demo, but you may be making a
] distinction without a difference. The disk cache is, after all, on
] disk, and persists between sessions.
]
I seem to remember that some internet-draft or even RFC stated that
pages needing authorization must (should?) not be cached. If Netscape
2.0b3 would place the pages only in memory cache and not in disk cache
there was no problem, right?
-Wolfram
--
Email: Wolfram.Schmidt@iat.fertigungstechnik.uni-stuttgart.de
Voice: +49 711 970 2431
Fax: +49 711 970 2401
Office: Uni-Stuttgart, IAT, Holzgartenstr. 17, 70174 Stuttgart, Germany
