[2903] in WWW Security List Archive
page security
daemon@ATHENA.MIT.EDU (Thomas L. Hobika)
Mon Sep 9 19:27:39 1996
Date: Mon, 09 Sep 1996 16:49:50 -0400
From: "Thomas L. Hobika" <hobika@kodak.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Hello,
I recently posted regarding page security. I had asked if there was a
way to force a user to authenticate before getting access to a page or
server. I have been able to implement this via password protection and
www_acl lists, however, I am having problems with preventing the
authenticated pages from being cached. This caching of the pages is
causing concern .. I have been told of a "Pragma: no-cache" and recently
read something to the affect that including an "Expire" tag dated with
an earlier date to force the page to be refreshed or not be cached. Is
this true ? If so, how do you implement the above tags ? I would be
interested in seeing some examples if someone could please provide them.
Any help would be grealty appreciated .. thanks in advance ...
-- Tom
Thomas L. Hobika
Systems Administration
Broad Technologies Platform Center
Eastman Kodak Company
Rochester, N.Y. 14653-5811
work: 716.726.3391
internet: hobika@kodak.com
