Re: caching protected documents

• To: www-security@ns2.rutgers.edu
• Subject: Re: caching protected documents
• From: pittc@syncon.com (Pitt Crandlemire)
• Date: Wed, 20 Dec 1995 17:03:06 -0500

Michael Brennen <mbrennen@fni.com> wrote:

>> True but all cache settings are completely user configurable, including
>> setting no cache at all.  Thus, Netscape satisfactorily addresses security
>> in that they  make a secure option available and leave it to the end user to
>> determine the level of security necessary for their environment.
>
>And how many users do you think understand the security significance of
>this setting?

I don't know but I don't think that should be Netscape's problem.

>Did you understand this two weeks ago?

As a matter of fact, yes.  But, then again, information security is my
business.  On the other hand, the users I'm responsible for protecting are
either aware of the ramifications of this setting and, thus, able to make an
intelligent choice on their own, or are using a system pre-configured for
them in a secure manner.

>Before this thread
>started, did Netscape "satisfactorily address" address security issues so
>that you understood precisely the security ramifications of all the
>choices you can set in the browser? 

I don't think anyone could do that for me (or anyone else).  Is it
Netscape's responsibility to anticipate and predict the potential security
concerns of every end-user or is it the responsibility of the end-user to
ensure that they maintain an adequate level of security for their
environment?  I think the latter; obviously, you disagree.

-Pitt Crandlemire
 pittc@syncon.com

• Re: caching protected documents
• From: Michael Brennen <mbrennen@fni.com>
• Re: caching protected documents
• From: Adam Shostack <adam@bwh.harvard.edu>

• Previous: Re: SECURITY ALERT: Password protection bug in Netscape 2.0b3
• Next: Re: caching protected documents
• Index(es):
  • Index
  • Thread