Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3

• To: www-security@ns2.rutgers.edu
• Subject: Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
• From: David Orchard <orchard@mda.ca>
• Date: Tue, 19 Dec 1995 16:40:57 -0800

  
> 
> ] 	 I think you're getting the disk cache confused with Netscape's 
> ] 	 authentication.  Your demonstration page will not work correctly if
> ] 	 you flush the disk cache before attempting it.
> ] 
> ] I don't have 2.0b3, so I can't try the demo, but you may be making a
> ] distinction without a difference.  The disk cache is, after all, on
> ] disk, and persists between sessions.
> ] 
> 
> I seem to remember that some internet-draft or even RFC stated that
> pages needing authorization must (should?) not be cached. If Netscape
> 2.0b3 would place the pages only in memory cache and not in disk cache
> there was no problem, right?
> 
> -Wolfram
 
I doubt it.  That assumes a netscape session is for a single user.  Somebody
else mentioned kiosk mode, and memory caching would be a problem in kiosk mode.
With "Netscape in a Nintendo" and ubiquitous browsers, this could be a large
problem.

David Orchard				| "Life is a Highway, I want to ride
orchard@mda.ca				|  it all night long"
MacDonald Dettwiler and Associates	|  Tom Cochrane
13800 Commerce Parkway
Richmond, B.C., Canada, V6V-2J3
Voice: (604) 278-3411 Fax: (604) 278-3786
http://www.pobox.com/~orchard

• Previous: RE: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2
• Next: Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
• Index(es):
  • Index
  • Thread