[4420] in WWW Security List Archive
Re: Removing info from a PC cache
daemon@ATHENA.MIT.EDU (Ammon)
Fri Feb 14 10:45:30 1997
From: "Ammon" <ammon@ikx.org>
To: www-security@ns2.rutgers.edu
Date: Fri, 14 Feb 1997 07:14:37 +0000
Reply-to: ammon@ikx.org
Errors-To: owner-www-security@ns2.rutgers.edu
> How can the information the end-user provides on Internet pages be "erased" so
> that other people using the same PC can not get to the information by going
> back to the page? (Erased "automatically", and not depending upon the
> end-user to exit.) It's my understanding that using SSL does not resolve this
> issue since it just encrypts the data for transmission, not in the PC cache
> (please correct me if I'm wrong about this). Even if the PIN/password is only
> displayed as *'s, the info would still be available in cache to be re-entered
> at the screen, right?
Well, if you are going to do it through Perl CGIs, you can use the
following command to make sure that the browser does not cache the
information:
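    # %in is presumably the hash of submitted form fields; a Content-type
    # header is assumed to have been printed already, so this ends the headers.
    if ($in{'session'} ne "") {
        print "Pragma: no-cache\n\n";   # session present: ask the browser not to cache
    } else {
        print "\n";                     # no session: just end the header block
    }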
The use of this is most often required in chat CGIs, where you do
not want to cache the chat page, since it is just going to be loaded
again in a few seconds. This requires the chat-html.pl file, of
course used with a require "chat-html.pl" command. Hope this helps.
----
____ _ _ _ _ ____ __ _
|--| o |\/| o |\/| o [__] o | \|
a m m o n @ i k x . o r g
i k x . o r g / ~ a m m o n
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"Everyone has a talent. What is rare is the courage to
follow that talent to the dark place where it leads."
"A riot is the language of the unheard."
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
___ __ __ __ __ __
| |__) _) /__ / \ / \ take back alt.2600
| |__) /__ \__) \__/ \__/ http://tb2600.home.ml.org
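
Added example, not part of Ammon's message: a Perl sketch that emits a fuller set of anti-caching headers for a sensitive page and audits a header block for them. It goes beyond the post by adding Cache-Control: no-store, the HTTP/1.1 directive that tells caches not to keep a response. The function names, the sample header blocks and the Content-type lines in them are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Header block for a page that should not be kept by the browser.
# Pragma: no-cache is the HTTP/1.0-era header used in the post;
# Cache-Control: no-store is the HTTP/1.1 directive that forbids storing.
sub sensitive_headers {
    my ($content_type) = @_;
    return join("\r\n",
        "Content-Type: $content_type",
        "Cache-Control: no-store",
        "Pragma: no-cache",
        "Expires: 0",
    ) . "\r\n\r\n";
}

# Audit a header block: list the cache-related protections it carries.
# An empty list means nothing in the headers restricts caching.
sub cache_protections {
    my ($block) = @_;
    my @found;
    for my $line (split /\r?\n/, $block) {
        last if $line eq '';                       # blank line ends the headers
        my ($name, $value) = $line =~ /^([^:]+):\s*(.*)$/ or next;
        my %dir;                                   # directive names, lowercased
        for my $tok (split /,/, $value) {
            $dir{lc $1} = 1 if $tok =~ /^\s*([\w-]+)/;
        }
        push @found, 'Cache-Control: no-store' if lc($name) eq 'cache-control' && $dir{'no-store'};
        push @found, 'Cache-Control: no-cache' if lc($name) eq 'cache-control' && $dir{'no-cache'};
        push @found, 'Pragma: no-cache'        if lc($name) eq 'pragma'        && $dir{'no-cache'};
    }
    return @found;
}

# Constructed samples: the two branches of the snippet in the post (with an
# assumed Content-type line in front) and the fuller set built above.
my %samples = (
    'post, session set'   => "Content-type: text/html\nPragma: no-cache\n\n",
    'post, session empty' => "Content-type: text/html\n\n",
    'fuller set'          => sensitive_headers('text/html'),
);
for my $label (sort keys %samples) {
    my @p = cache_protections($samples{$label});
    printf "%-20s %s\n", $label, @p ? join('; ', @p) : 'nothing restricts caching';
}
```

The audit makes the gap in the original branch visible: when the session field is empty, the response carries no caching restriction at all.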