[1282] in WWW Security List Archive
Re: caching protected documents
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Wed Dec 20 05:44:37 1995
To: www-security@ns1.rutgers.edu
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 20 Dec 1995 00:14:40 -0800
To: Michael Brennen <mbrennen@fni.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Michael Brennen wrote:
>
> On Mon, 18 Dec 1995, Pitt Crandlemire wrote:
>
> > True but all cache settings are completely user configurable, including
> > setting no cache at all. Thus, Netscape satisfactorily addresses security
> > in that they make a secure option available and leave it to the end user to
> > determine the level of security necessary for their environment.
>
> And how many users do you think understand the security significance of
> this setting? Did you understand this two weeks ago? Before this thread
> started, did Netscape "satisfactorily address" security issues so
> that you understood precisely the security ramifications of all the
> choices you can set in the browser?
>
> I don't think so.
>
> I suggest that Netscape was not thinking of security concerns at all when
> this was done. Disk cache was not designed particularly with security
> tradeoffs in mind at all, or there would be much more clear explanations
> already plastered around the choices. I suggest that disk cache was
> designed for perceived speed, and I also suspect that the security
> concerns about authentication caching snuck up on them after the fact.
> Sure, someone in the back room knew about this, but did anyone really
> think this would be an issue?
If your disk is not secure, then there is nothing Netscape can do to
make it so. We are just encrypting communications over the net, not
the user's disk or computer. If you don't trust your computing
environment, then you should not trust any programs run within it,
including PGP or Netscape.
> Given the far more serious laxness that Netscape showed in the random
> number generation for SSL keys, I'm not willing to give them credit for
> having thought through the security implications of stashing the
> authentication key on the disk.
This last statement is completely false. The original reporter of the
problem made a wild assumption based on the behaviour he saw, without
substantiating it. He assumed that because he was seeing the page again,
that the "authentication key" (password) was somehow being saved by
Netscape. In fact it was not, and what he was seeing was the result of
a minor bug in the caching code, displaying a page that should have
been thrown out of the cache. If the server was ever contacted again,
a real username and password would have to be typed to access protected
pages.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.