[3620] in WWW Security List Archive
Re: CGI Security
daemon@ATHENA.MIT.EDU (Ben Camp)
Sun Nov 24 15:34:23 1996
Date: Sat, 24 Aug 1996 13:15:06 +0100
To: "Saeid Parivash" <PARIVASH@cc1.unt.edu>
From: Ben Camp <benc@geocel.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
There are problems in that not all browsers support the pragma no-cache. In
fact, Internet Explorer 3.01 (3.0 appears to work) does not support it.
Ben Camp
At 08:33 PM 11/22/96 CST, you wrote:
>First I would like to thank everyone that responded to my message.
>(i.e. using the "pragma" tag with "no-cache"; it works great.)
>
>However, I am wondering if this is possible:
>
>I have written a CGI application in C that creates 2 documents with
>"pragma" tag set to "no-cache" (method "POST") on both documents.
>
>First document asks the user to enter an ID and PIN#. When the user
>submits the document, a document (2nd doc) is created, which displays
>specific info. based on ID and PIN#. Now, if the user clicks the back
>button on their browser, it will take him back to the 1st document,
>and the user must click on the "reload button" (i.e. "pragma" tag
>"no-cache") to display the 1st doc. with ID and PIN# field set to blank.
>Now, the user clicks the forward button on their browser, which then
>takes him to the 2nd document. At this point the user must click on
>the reload button (i.e. "pragma" tag "no-cache") to display the 2nd doc.
>that contains specific info. based on the ID and PIN#.
>
>Question:
> 1. Is it possible to ask the user for ID and PIN# again, when
> the user clicks on the reload button to redisplay the 2nd
> document or somehow authenticate the user before redisplaying
> the 2nd document?
>
> 2. Is it possible to kill a navigator through a CGI?
>
>
>Any help would be appreciated.
>
>Thanks in advance
> Saeid
>
>
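
An added example, not code from either poster: a C CGI sketch that sends layered no-cache headers (since, per the reply above, `Pragma: no-cache` alone is not honoured by every browser) and only treats a request as eligible for the second document when that same request is a POST carrying both fields. The field names `id` and `pin`, the buffer sizes, the extra `Cache-Control` and `Expires` headers and the placeholder page text are assumptions; checking the ID and PIN against a real store is not shown.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Sent on every response; Pragma alone is not honoured by all browsers. */
static const char NOCACHE_HEADERS[] =
    "Content-Type: text/html\r\n"
    "Pragma: no-cache\r\n"                            /* HTTP/1.0 clients */
    "Cache-Control: no-store\r\n"                     /* HTTP/1.1 clients (assumed addition) */
    "Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n\r\n"; /* already expired */

/* Copy key's raw (not URL-decoded) value from a form body; 0 if absent, empty or too long. */
static size_t form_value(const char *body, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    for (const char *p = body; *p; ) {
        size_t n = strcspn(p, "&");               /* length of this key=value pair */
        if (n > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = n - klen - 1;
            if (vlen == 0 || vlen >= outsz) return 0;
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return vlen;
        }
        p += n + (p[n] == '&');                   /* step past the separator, if any */
    }
    return 0;
}

/* 1 only when this very request is a POST carrying both fields (hypothetical names). */
int request_carries_credentials(const char *method, const char *body)
{
    char id[32], pin[16];
    return method && body && strcmp(method, "POST") == 0
        && form_value(body, "id", id, sizeof id) > 0
        && form_value(body, "pin", pin, sizeof pin) > 0;
}

int main(void)
{
    char body[256] = "";
    const char *len = getenv("CONTENT_LENGTH");
    size_t n = len ? strtoul(len, NULL, 10) : 0;
    if (n >= sizeof body) n = sizeof body - 1;
    body[fread(body, 1, n, stdin)] = '\0';
    fputs(NOCACHE_HEADERS, stdout);
    puts(request_carries_credentials(getenv("REQUEST_METHOD"), body)
         ? "<p>Placeholder: verify id/pin against your store, then render the 2nd document.</p>"
         : "<form method=\"POST\">ID <input name=\"id\"> PIN <input type=\"password\" name=\"pin\"> <input type=\"submit\"></form>");
    return 0;
}
```

Any request that arrives without both fields, whatever the browser did with its cache, gets the login form rather than the second document.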