WebApp Sec mailing list archives
Re: Is disabling browser caching secure?
From: Rogan Dawes <discard () dawes za net>
Date: Wed, 19 Apr 2006 07:22:26 +0200
smith.norton () gmail com wrote:
Many articles on the net speaks of disabling browser caching. I don't feel its secure because even if a browser faithfully follows the protocol, a programmer might write a small browser of his own which caches all pages. What do others say?
Patient: Doctor, Doctor, it hurts when I do *THIS*! Doctor: Well, don't DO that!App designers cannot be held responsible for non-compliant client software. All they can do is a best effort, since they do not have control over what the client uses (in most cases, corporate standards aside)
If a programmer wants to write a custom browser that ignores cache control instructions, then he should be aware of the consequences. Similarly a user, should they choose to use a non-standard (not widely used, anyway) piece of software without understanding the implications, is responsible for the consequences.
Rogan ------------------------------------------------------------------------- This List Sponsored by: SPI DynamicsALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Is disabling browser caching secure? smith . norton (Apr 18)
- Re: Is disabling browser caching secure? Kyle Maxwell (Apr 19)
- Re: Is disabling browser caching secure? Pilon Mntry (Apr 19)
- Re: Is disabling browser caching secure? Rogan Dawes (Apr 19)
- Re: Is disabling browser caching secure? lucip (Apr 19)
- Re: Is disabling browser caching secure? Reid Nichol (Apr 19)