Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Is disabling browser caching secure?

from [Kyle Maxwell] Network Security [Permanent Link]
Subject: Re: Is disabling browser caching secure?
Date: Wed, 19 Apr 2006 16:07:41 -0500 
On 18 Apr 2006 15:59:46 -0000, smith.norton@gmail.com
<smith.norton@gmail.com> wrote:

Many articles on the net speaks of disabling browser caching.

I don't feel its secure because even if a browser faithfully follows the 
protocol, a programmer might write a small browser of his own which caches 
all pages.

What do others say?


Security is relative and has to take into account the threat.
Specifically, are you just trying to prevent a user's personal data
from being cached on a shared computer? Then you'll take a giant step
by disabling browser caching. If you're trying to prevent a different
threat, then you need to account properly for that.

What you're trying to do is reduce the risk; sheer elimination is
frequently impossible or at least infeasible. In other words, raise
the bar for a successful attack given the value of the data you're
protecting and the resources you have available to do so.

--
Kyle Maxwell
http://caffeinatedsecurity.com
[krmaxwell@gmail.com]

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New site about security conferences : www.security-briefings.com, newslist@security-briefings.com
Next by Date:  risk management in software development lifecycle, test . future
Previous by Thread:  Is disabling browser caching secure?, smith . norton
Next by Thread:  Re: Is disabling browser caching secure?, Pilon Mntry
Indexes:  [Date] [Thread] [Top] [All Lists]