WebApp Sec mailing list archives

Re: Publishing Web Based Application via ICA protocol


From: Saqib Ali <docbook.xml () gmail com>
Date: Sat, 16 Jul 2005 07:30:24 -0700

Hello Jose,

I went through the document, and here is my feedback:

1) As far as I know, the CACHE-CONTROL header does NOT provide protection
against caching of doc/pdf/xls/vsd files. The files still get
downloaded locally on the machine for viewing, and remain in the
Temporary Internet Files folder. Am I wrong? Please let me know if this
is not the case. Thanks.

2) I do dynamically render all the documents. In addition, I am also using
anti-leeching methods to prevent traversal and/or direct linking.

Regarding the issue of sensitive documents getting cached at the client
machine, Andres Desa discusses this and more about secure document delivery
over the Internet in the paper
http://www.paladion.net/papers/Document_Security_in_Web_Applications.pdf.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/

