Home page logo

pen-test logo Penetration Testing mailing list archives

From: Meredith S <MeredithS () PWAOR COM>
Date: Fri, 1 Sep 2000 09:53:07 +0100

        I would consider it a breach of security as well, considering you can
specify *not* to cache by setting a value it the page's header. in .asp this
is as trivial as adding <% Response.Expires = 0 %> to the beginning of this
page (i wouldn't know how to do it with anything else, as i'm not a web
        The resturant analogy isn't entirely accurate. If you go to a resturant and
hand the waitress your credit card, and she reappears wearing a mink or
never reappears at all, then you have some idea what happens. If a page is
recovered from cache in a publicly accessible environment, then there is no
way of backtracking. Or even telling where the page was recovered from
(there could be a proxy server somewhere on the network).

Stuff like (encrypted) pages being stored in the cache, and so available
to any/all users of the same computer are often considered by the press
to be breaches in security, but fundamentally you must look at the
comparitive risk - do you use your credit card in resturants?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]