[2914] in WWW Security List Archive
RE: page security
daemon@ATHENA.MIT.EDU (John Lehmann (SSASyd))
Tue Sep 10 22:23:58 1996
From: "John Lehmann (SSASyd)" <LEHMANNJ@saatchi.com.au>
To: "'www-security'" <www-security@ns2.rutgers.edu>
Date: Wed, 11 Sep 96 10:54:00 S
Errors-To: owner-www-security@ns2.rutgers.edu
And
<META HTTP-EQUIV="Pragma" CONTENT="No cache">
is good as well... but this is all a very limited form of security :(
That is, it's not very secure. Depends on what you need to secure I
suppose.
----------
From: owner-www-security[SMTP:owner-www-security@ns2.rutgers.edu]
Sent: Tuesday, 10 September, 1996 8:06 AM
To: www-security@ns2.rutgers.edu; 'Thomas L. Hobika'
Subject: RE: page security
<META HTTP-EQUIV="Expires" CONTENT="Sun, 01 SEP 1996 21:29:02 GMT">
the above tag can be used and make sure that your expiry date has already
passed.
uday
----------
From: Thomas L. Hobika
Sent: Monday, September 09, 1996 4:49 PM
To: www-security@ns2.rutgers.edu
Subject: page security
Hello,
I recently posted regarding page security. I had asked if there was a
way to force a user to authenticate before getting access to a page or
server. I have been able to implement this via password protection and
www_acl lists, however, I am having problems with preventing the
authenticated pages from being cached. This caching of the pages is
causing concern .. I have been told of a "Pragma: no-cache" and recently
read something to the affect that including an "Expire" tag dated with
an earlier date to force the page to be refreshed or not be cached. Is
this true ? If so, how do you implement the above tags ? I would be
interested in seeing some examples if someone could please provide them.
Any help would be grealty appreciated .. thanks in advance ...
-- Tom
Thomas L. Hobika
Systems Administration
Broad Technologies Platform Center
Eastman Kodak Company
Rochester, N.Y. 14653-5811
work: 716.726.3391
internet: hobika@kodak.com
