Re: Prevent caching of pdf files

From: Kurt Seifried (bt_at_seifried.org)
Date: 12/06/03

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Prevent caching of pdf files" 
    To: "bsec" <bsec@cotse.net>, <SECPROG@SECURITYFOCUS.COM>
Date: Fri, 5 Dec 2003 19:48:41 -0700

    > Currently on a secure Internet application we use the "Cache-Control: No
    > Cache" header to prevent information from caching on client machines. We
    > would like to begin to provide pdf files via our application; however,
    > there is a known issue with accessing pdf files with IE 6.0 sp1 when the
    > no-cache header is used. (Please refer to
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;812935
    > for details.) As we have no control over the client machines accessing
    > our application, is there another way to prevent pdf files from being
    > automatically stored on the clients without using the no-cache header?
    >
    > Thanks in advance,
    > -Brett

    This is quite a good question.

    The most obvious one: Serve the files over HTTPS, this prevents caching of
    files in virtually all browsers. Which of course according to the MS link
    won't work unless people patch (unlikely).

    Using an ActiveX control to restrict what a user can do (Microsoft for
    example used to do this with your online MCSE transcripts, you could view,
    and print, but not save the page). I don't know how well this would work for
    a "non-HTML" type document.

    And the only other things that comes to mind is some sort of content
    management/DRM system, but those tend to be expensive and require
    installation of client software.

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/

    ----- Original Message -----
    From: "bsec" <bsec@cotse.net>
    To: <SECPROG@SECURITYFOCUS.COM>
    Sent: Friday, December 05, 2003 3:33 PM
    Subject: Prevent caching of pdf files

    >
    >
    >
    >

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: Prevent caching of pdf files"

    Relevant Pages

    • Prevent caching of pdf files
      ... Cache" header to prevent information from caching on client machines. ... there is a known issue with accessing pdf files with IE 6.0 sp1 when the ... automatically stored on the clients without using the no-cache header? ...
      (SecProg)
    • RE: Prevent caching of pdf files
      ... controlled by the "cache-control" directive in the response header. ... Cache" header to prevent information from caching on client machines. ... We would like to begin to provide pdf files via our application; ... when the no-cache header is used. ...
      (SecProg)
    • Re: Determining when a file is an Open Office Document
      ... PDF files should begin with "%PDF-" followed by a version number, ... The PDF Reference notes that Adobe Acrobat Reader is a bit ... Acrobat viewers require only that the header appear ... Is there a security vulnerability buried in the detection of file types by ...
      (comp.lang.python)
    • Re: Determining when a file is an Open Office Document
      ... PDF files should begin with "%PDF-" followed by a version number, ... The PDF Reference notes that Adobe Acrobat Reader is a bit ... Acrobat viewers require only that the header appear ... contents of a PDF file you're better off using Postscript, ...
      (comp.lang.python)