Re: Prevent caching of pdf files

From: Peter Gutmann (pgut001_at_cs.auckland.ac.nz)
Date: 12/06/03

    Date: Sat, 6 Dec 2003 17:24:28 +1300
    To: bsec@cotse.net, SECPROG@SECURITYFOCUS.COM
    
    

    bsec <bsec@cotse.net> writes:

    >Currently on a secure Internet application we use the "Cache-Control: No
    >Cache" header to prevent information from caching on client machines.

    Cache-Control is an HTTP 1.1 (meaning it'll be ignored by HTTP 1.0) indication
    that the cache shouldn't return a cached response without revalidating with
    the origin server. That is, it's intended to prevent caches from returning
    stale responses for (presumably) mutable data. It does not have the semantics
    that you require of it. What you want is no-store.

    (Even then, relying on the browser to prevent users from saving copies of the
     file to disk is unsound. At most you're getting an advisory please-don't-
     store-this).

    >however, there is a known issue with accessing pdf files with IE

    Yeah, it tends to crash a lot when you do this :-).

    Peter.

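The distinction drawn in the reply above, shown as an added example that is not part of the original message: a Python check that parses a Cache-Control value and reports whether the recipient is asked not to store the response, merely to revalidate it, or nothing at all. The function names, the `recipient_http` parameter, the `x-note` extension directive and the sample headers are constructed for illustration.

```python
import re

# One directive: a token, optionally "=value" (token or quoted-string).
_DIRECTIVE = re.compile(
    r'([!#$%&\'*+.^_`|~0-9A-Za-z-]+)(?:\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]*))?')

def parse_cache_control(value):
    """Parse a Cache-Control field value into {directive: argument or None}."""
    directives = {}
    for match in _DIRECTIVE.finditer(value or ""):
        name, arg = match.group(1).lower(), match.group(2)
        directives[name] = arg.strip('"') if arg else None
    return directives

def storage_policy(headers, recipient_http="1.1"):
    """Classify what a cache or browser is asked to do with a response.

    Returns (verdict, reason); verdict is "no-store", "revalidate" or "storable".
    recipient_http is the HTTP version the recipient speaks (assumed known).
    """
    fields = {k.lower(): v for k, v in headers.items()}
    if recipient_http == "1.0":
        return "storable", "HTTP 1.0 recipient ignores Cache-Control"
    cc = parse_cache_control(fields.get("cache-control"))
    if "no-store" in cc:
        return "no-store", "recipient is asked not to store it (advisory only)"
    if "no-cache" in cc:
        return "revalidate", "may be stored; revalidated with the origin before reuse"
    return "storable", "no recognised storage directive"

# Constructed sample responses, not taken from the application in the thread.
SAMPLES = {
    "as quoted": {"Cache-Control": "No Cache"},           # spelling from the question
    "no-cache": {"Cache-Control": "no-cache"},
    "no-store": {"cache-control": "private, No-Store, max-age=0"},
    "quoted arg": {"Cache-Control": 'x-note="no-store"'},  # text inside quotes is not a directive
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:11}", storage_policy(hdrs))
    print(f"{'HTTP 1.0':11}", storage_policy(SAMPLES["no-store"], "1.0"))
```
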
