WebApp Sec mailing list archives

Re: Publishing Web Based Application via ICA protocol


From: Chuck <chuck.lists () gmail com>
Date: Fri, 15 Jul 2005 09:58:13 -0400

Saqib Ali,

   What are you trying to protect against?  If you are only worried
about users accidentally leaving files around, you should be able to
solve that by using SSL (to foil eavesdropping and proxies), making
the pages "nocache" (through headers or META tags), and using only
session cookies (deleted when the user closes the browser).

   This won't stop a user from running their browser through a local
proxy like WebScarab (and ignoring the SSL warning) and being able to
save data that way.  It also won't protect a user using a trojaned
computer, but I don't think that Citrix or any other solution will
help in that case.

Chuck

On 7/14/05, Saqib Ali <docbook.xml () gmail com> wrote:
If we take Citrix out of the picture, I have the problem of cached
files/cookies residing on the computer from where the user accessed our
application. The user might have connected from a public computer, or
a friend's computer.
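
Added example (not part of the original thread or any poster's code): a WSGI middleware that applies the header-level measures from the reply above, replacing the application's caching headers with "nocache" ones and turning persistent cookies into session cookies. The names NoResidueMiddleware, session_only and demo_app are hypothetical, the sample response is constructed, and adding the Secure flag assumes the site is served over SSL only.

```python
# Added example, not from the original thread. NoResidueMiddleware, session_only
# and demo_app are hypothetical names; the Secure flag is an added assumption.
NO_CACHE = [
    ("Cache-Control", "no-store, no-cache, must-revalidate"),
    ("Pragma", "no-cache"),  # for HTTP/1.0 caches
    ("Expires", "0"),
]
_REPLACED = {name.lower() for name, _ in NO_CACHE}

def session_only(cookie):
    """Drop Expires/Max-Age so the browser discards the cookie on exit; add Secure."""
    parts = [p.strip() for p in cookie.split(";")]
    kept = [p for p in parts if p and
            p.split("=", 1)[0].strip().lower() not in ("expires", "max-age")]
    if not any(p.lower() == "secure" for p in kept):
        kept.append("Secure")
    return "; ".join(kept)

class NoResidueMiddleware:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            out = []
            for name, value in headers:
                if name.lower() in _REPLACED:
                    continue  # discard the app's own caching directives
                if name.lower() == "set-cookie":
                    value = session_only(value)
                out.append((name, value))
            return start_response(status, out + NO_CACHE, exc_info)
        return self.app(environ, patched)

def demo_app(environ, start_response):
    # Constructed sample response: cacheable page with a persistent cookie.
    start_response("200 OK", [
        ("Content-Type", "text/html"),
        ("Cache-Control", "public, max-age=3600"),
        ("Set-Cookie", "sid=abc123; Max-Age=86400; Path=/"),
    ])
    return [b"<p>account data</p>"]

def run_demo():
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers
    body = NoResidueMiddleware(demo_app)({"wsgi.url_scheme": "https"}, start_response)
    return captured["headers"], b"".join(body)
```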

