WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is disabling browser caching secure?

From: Reid Nichol <rnichol_rrc () yahoo com>
Date: Tue, 18 Apr 2006 21:20:13 -0700 (PDT)
Hello:
  One cannot trust what is out of the realm of control of his/her app. 
The behaviour of the browser is clearly not within this realm of
control and thus should not be depended on, nor trusted.

best regards,
Reid Nichol

--- smith.norton () gmail com wrote:

Many articles on the net speaks of disabling browser caching.

I don't feel its secure because even if a browser faithfully follows
the protocol, a programmer might write a small browser of his own
which caches all pages.

What do others say?



-------------------------------------------------------------------------

This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site

Scripting and Parameter Manipulation



https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl



--------------------------------------------------------------------------






__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: