WebApp Sec mailing list archives
Object Caching with IE 6 XP SP2
From: "Don Tuer" <don.tuer () cgi com>
Date: Fri, 25 Feb 2005 15:44:17 -0500
One item that Microsoft has changed in IE with XP SP2 is the disabling of Object Caching. Very little information exists on the overall security implications of Object Caching although Greymagic did release an advisory on possible exploits using Object Caching: http://www.greymagic.com/security/advisories/gm012-ie/ Disabling Object Caching seems like a no brainer but it looks like it might cause subtle errors with JavaScript since scripts will return different results depending if it's on or off. See KB below for details: http://support.microsoft.com/Default.aspx?kbid=884697 http://support.microsoft.com/Default.aspx?kbid=884698 NOTE: The sample script in kb 884697 needs to be changed to work correctly (ie show the differences). You need to change the frame reference from 2 to 1. My question to the readers is if anyone has seen issues with their JavaScript after disabling Object Caching and if anyone can shed some more light on the real security significance of leaving Object Caching enabled. Thanks in advance, Don
Current thread:
- Re: ISA Server and SQL Injection, (continued)
- Re: ISA Server and SQL Injection Paul Johnston (Feb 23)
- RE: ISA Server and SQL Injection Mark Curphey (Feb 23)
- Re: ISA Server and SQL Injection Paul Johnston (Feb 23)
- RE: ISA Server and SQL Injection Mark Curphey (Feb 23)
- Re: ISA Server and SQL Injection Paul Johnston (Feb 28)
- Re: ISA Server and SQL Injection Stephen de Vries (Feb 28)
- Re: ISA Server and SQL Injection Jan P. Monsch (Mar 01)
- Re: ISA Server and SQL Injection christopher (Mar 03)
- Re: ISA Server and SQL Injection Jan P. Monsch (Mar 03)
- Re: ISA Server and SQL Injection Paul Johnston (Mar 03)
- Object Caching with IE 6 XP SP2 Don Tuer (Feb 28)
- Re: Copying files from one server to another. Michael Sztachanski (Feb 23)
- RE: Copying files from one server to another. dave kleiman (Feb 23)
- Re: Copying files from one server to another. David (Feb 23)
- Re: ISA Server and SQL Injection Jan P. Monsch (Mar 03)
- Input Validation vs. Output Validation (was: ISA Server and SQL Injection) Jeff Williams (Mar 03)