WebApp Sec mailing list archives
Re: Is disabling browser caching secure?
From: Pilon Mntry <pilonmntry () yahoo com>
Date: Tue, 18 Apr 2006 22:54:51 -0700 (PDT)
For a shared-computing environment, disabling browser cache (including ssl pages, which IE doesn't do by default) should be helpful. For a privately owned machine, again, it might be helpful not to cache pages against spyware risk. But, yes, a custom browser might easily by-pass such a control (precaution). That aside, a poisoned browser (malicious bho on IE, for example, or an extension in FF) may store visited pages even if its caching ability is disabled. -pilon --- smith.norton () gmail com wrote:
Many articles on the net speaks of disabling browser caching. I don't feel its secure because even if a browser faithfully follows the protocol, a programmer might write a small browser of his own which caches all pages. What do others say?
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- This List Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Is disabling browser caching secure? smith . norton (Apr 18)
- Re: Is disabling browser caching secure? Kyle Maxwell (Apr 19)
- Re: Is disabling browser caching secure? Pilon Mntry (Apr 19)
- Re: Is disabling browser caching secure? Rogan Dawes (Apr 19)
- Re: Is disabling browser caching secure? lucip (Apr 19)
- Re: Is disabling browser caching secure? Reid Nichol (Apr 19)