[1908] in WWW Security List Archive
Re: Re[2]: how do I keep a browser from caching files
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Thu Apr 25 02:29:35 1996
Date: Wed, 24 Apr 1996 20:52:20 -0700
From: Jeff Weinstein <jsw@netscape.com>
Reply-To: jsw@netscape.com
To: sweinron@uism.BU.EDU
CC: www-security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
sweinron@uism.BU.EDU wrote:
> There seems to be a pretty even distribution between sites that use passwords in
> forms vs. HTTP authentication passwords. Assuming that you are using SSL and a
> scheme where the password must travel from the browser to the server, what are
> the pros and cons of each approach, and what should one pay special attention to
> with each. Are there any sites of FAQ's that go into this discussion?
>
> When using SSL, is form data sorted in the fat.db? If so, is it encrypted? I
> only found http references in the file, not https?
There was a bug in Navigator 2.x that was causing form data to be stored
in the fat.db file. In the new Atlas release, curently in beta, we no longer
store form post data in the fat.db file. We no longer cache documents from SSL
connections by default, but provide an option to turn it on.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
