WebApp Sec mailing list archives
Re: Publishing Web Based Application via ICA protocol
From: Chuck <chuck.lists () gmail com>
Date: Fri, 15 Jul 2005 09:58:13 -0400
Saqib Ali, What are you trying to protect against? If you are only worried about users accidentally leaving files around, you should be able to solve that by using SSL (to foil eavesdropping and proxies), making the pages "nocache" (through headers or META tags), and using only session cookies (deleted when the user closes the browser). This won't stop a user from running their browser through a local proxy like WebScarab (and ignoring the SSL warning) and being able to save data that way. It also won't protect a user using a trojaned computer, but I don't think that Citrix or any other solution will help in that case. Chuck On 7/14/05, Saqib Ali <docbook.xml () gmail com> wrote:
If we take Citrix out of the picture, I have the problem of cached files/cookie residing on the computer from where the user accessed our application. The user might have connected from a public computer, or a friend's computer.
Current thread:
- Publishing Web Based Application via ICA protocol Saqib Ali (Jul 13)
- Re: Publishing Web Based Application via ICA protocol Justin Clarke (Jul 14)
- <Possible follow-ups>
- RE: Publishing Web Based Application via ICA protocol Welsh, Ed (Jul 14)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 14)
- Re: Publishing Web Based Application via ICA protocol Chuck (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Justin Clarke (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 14)
- RE: Publishing Web Based Application via ICA protocol Evans, Arian (Jul 14)
- Re: Publishing Web Based Application via ICA protocol jose . varghese (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 16)
- RE: Publishing Web Based Application via ICA protocol Jose Varghese (Aug 02)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 16)
- RE: Publishing Web Based Application via ICA protocol Evans, Arian (Jul 18)