WebApp Sec mailing list archives
Re: Publishing Web Based Application via ICA protocol
From: Saqib Ali <docbook.xml () gmail com>
Date: Sat, 16 Jul 2005 07:30:24 -0700
Hello Jose, I went through the document, and here is my feedback: 1) I far as I know, CACHE-CONTROL header does NOT provide protection agaist caching of doc/pdf/xls/vsd files. The files still get downloaded locally on the machine for viewing, and remain in the Internet Tempory Files folder. Am I wrong? Please let me know if this is not the case. Thanks. 2) I do dynamically render all the documents. In addition I also using anti-leeching methods to prevent traversal, and/or direct linking.
Regarding the issue of sensitive documents getting cached at the client machine , Andres Desa discusses this and more about secure document delivery over Internet in the paper http://www.paladion.net/papers/Document_Security_in_Web_Applications.pdf.
-- In Peace, Saqib Ali http://www.xml-dev.com/blog/
Current thread:
- Publishing Web Based Application via ICA protocol Saqib Ali (Jul 13)
- Re: Publishing Web Based Application via ICA protocol Justin Clarke (Jul 14)
- <Possible follow-ups>
- RE: Publishing Web Based Application via ICA protocol Welsh, Ed (Jul 14)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 14)
- Re: Publishing Web Based Application via ICA protocol Chuck (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Justin Clarke (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 14)
- RE: Publishing Web Based Application via ICA protocol Evans, Arian (Jul 14)
- Re: Publishing Web Based Application via ICA protocol jose . varghese (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 16)
- RE: Publishing Web Based Application via ICA protocol Jose Varghese (Aug 02)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 16)
- RE: Publishing Web Based Application via ICA protocol Evans, Arian (Jul 18)