[2908] in WWW Security List Archive
Re: page security
daemon@ATHENA.MIT.EDU (Kate Baumann)
Tue Sep 10 09:35:58 1996
Date: Tue, 10 Sep 1996 13:38:17 +0200
From: Kate Baumann <kate@ponton.uni-hannover.de>
To: "Thomas L. Hobika" <hobika@kodak.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Thomas L. Hobika wrote:
>
> Hello,
>
> I recently posted regarding page security. I had asked if there was a
> way to force a user to authenticate before getting access to a page or
> server. I have been able to implement this via password protection and
> www_acl lists, however, I am having problems with preventing the
> authenticated pages from being cached. This caching of the pages is
> causing concern .. I have been told of a "Pragma: no-cache" and recently
> read something to the effect that including an "Expire" tag dated with
> an earlier date to force the page to be refreshed or not be cached. Is
> this true? If so, how do you implement the above tags? I would be
> interested in seeing some examples if someone could please provide them.

I'm pretty sure that you have a serious problem here. Your first
mail on this issue states that it's a security problem to your
company even if pages are cached to local machines, right?

Hum, actually I can't think of any way to prevent caching
from "normal" HTML-pages. That's because the caching process is
a main feature of HTML-distribution. Caching saves bandwidth and
makes connections faster, just think of the new caching mechanisms
like Harvest.

Ok, that's really not your problem. You'll have to find a way around
it. Call this hacking if you like. ;-)

So what about non-cacheable-pages? Hold all your information in a
database and generate the pages individually for every user. Just
on the fly.

Another workaround: create a script that logs on every
machine, makes its way to the cache-folder and finally deletes
every file in it. Run this every few minutes - not elegant but
maybe a solution at all.

-- Kate Baumann --------------------------
-- PONTON EUROPEAN MEDIA ART LAB ---------
-- Lister Str. 17 - D-30163 Hannover -----
-- http://www.ponton.uni-hannover.de -----
-- mailto:kate@ponton.uni-hannover.de ----
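
An added example, not part of either message: a page generated on the fly, as the reply suggests, that sends the "Pragma: no-cache" and past-dated "Expires" headers asked about in the question, plus a check that a raw response carries them. The function names are hypothetical, and the HTTP/1.1 `Cache-Control` header is an addition not mentioned in the thread.

```python
from datetime import datetime, timezone
from email.utils import formatdate, parsedate_to_datetime

def no_cache_headers():
    """Response headers asking browsers and proxies not to keep a copy."""
    return [
        ("Pragma", "no-cache"),                   # HTTP/1.0 hint named in the question
        ("Expires", formatdate(0, usegmt=True)),  # a date in the past: stale on arrival
        ("Cache-Control", "no-store, private"),   # HTTP/1.1 directive (not in the thread)
    ]

def cgi_response(body, content_type="text/html"):
    """Complete CGI output (header block, blank line, body) for one request."""
    headers = [("Content-Type", content_type)] + no_cache_headers()
    return "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n" + body

def may_be_cached(raw_response, now=None):
    """Audit: True if no header in the response forbids storing or reusing it."""
    now = now or datetime.now(timezone.utc)
    head = raw_response.split("\r\n\r\n", 1)[0]
    fields = {}
    for line in head.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    cache_control = fields.get("cache-control", "").lower()
    if "no-store" in cache_control or "no-cache" in cache_control:
        return False
    if "no-cache" in fields.get("pragma", "").lower():
        return False
    if "expires" in fields:
        try:
            expires = parsedate_to_datetime(fields["expires"])
        except (TypeError, ValueError):
            return False  # an unparseable date counts as already expired
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires > now
    return True

if __name__ == "__main__":
    # Constructed sample body standing in for per-user content from a database.
    page = cgi_response("<html><body>Account page for one user</body></html>")
    print(page)
    print("may be cached:", may_be_cached(page))
```

Whether a particular browser or proxy honours these headers is up to that client, so the audit only confirms that the server asked.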