[1342] in WWW Security List Archive
Re: caching protected documents
daemon@ATHENA.MIT.EDU (Adam Shostack)
Sat Dec 23 16:24:06 1995
From: Adam Shostack <adam@bwh.harvard.edu>
To: pittc@syncon.com (Pitt Crandlemire)
Date: Thu, 21 Dec 1995 12:03:59 -0500 (EST)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <199512202203.RAA10903@zork.tiac.net> from "Pitt Crandlemire" at Dec 20, 95 05:03:06 pm
Errors-To: owner-www-security@ns2.rutgers.edu
Pitt Crandlemire wrote:
| Michael Brennen <mbrennen@fni.com> wrote:
| >> True but all cache settings are completely user configurable, including
| >> setting no cache at all. Thus, Netscape satisfactorily addresses security
| >> in that they make a secure option available and leave it to the
| >> end user to determine the level of security necessary for their
| >> environment.
| >And how many users do you think understand the security significance of
| >this setting?
|
| I don't know but I don't think that should be Netscape's problem.
I would think that Netscape should make available configuration files
which the site can control, such that the site can make these
decisions, rather than the users.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
