[Previous] [Next] [Index]
[Thread]
Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
>
> ] I think you're getting the disk cache confused with Netscape's
> ] authentication. Your demonstration page will not work correctly if
> ] you flush the disk cache before attempting it.
> ]
> ] I don't have 2.0b3, so I can't try the demo, but you may be making a
> ] distinction without a difference. The disk cache is, after all, on
> ] disk, and persists between sessions.
> ]
>
> I seem to remember that some internet-draft or even RFC stated that
> pages needing authorization must (should?) not be cached. If Netscape
> 2.0b3 would place the pages only in memory cache and not in disk cache
> there was no problem, right?
>
> -Wolfram
I doubt it. That assumes a netscape session is for a single user. Somebody
else mentioned kiosk mode, and memory caching would be a problem in kiosk mode.
With "Netscape in a Nintendo" and ubiquitous browsers, this could be a large
problem.
David Orchard | "Life is a Highway, I want to ride
orchard@mda.ca | it all night long"
MacDonald Dettwiler and Associates | Tom Cochrane
13800 Commerce Parkway
Richmond, B.C., Canada, V6V-2J3
Voice: (604) 278-3411 Fax: (604) 278-3786
http://www.pobox.com/~orchard