General discussion

Locked

Disable browser caching for security?

By memehal ·
Are there any risks to a company's website using SSL for communications if they allow the client's browser to cache pages (in the temporary internet files directory)? Some suggest that hackers who can view these stored pages could gather info that might make hacking the website easier.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Disable browser caching for security?

by DC1 In reply to Disable browser caching f ...

A hacker could get some info from the pages. There is a check box in the IE browser's advanced options that specifies not to cache secure pages.

Collapse -

Disable browser caching for security?

by memehal In reply to Disable browser caching f ...

Thanks. I have already heard that a hacker could gain some info from these cached pages but have no detail of what info and how that would assist them and place our corporate site at greater risk. Also, the IE option mentioned would be something the end user would set but I'm interested in what we (the website owner) can do. I believe that we can include some parameter in the web page which instructs the browser not to cache the web page.

Collapse -

Disable browser caching for security?

by dlw6 In reply to Disable browser caching f ...

Concur with DC1's answer. You can find that setting under Tools .. Internet Options .. Advanced .. Security .. Do Not Save Encrypted Pages to Disk.

Also, you can set the size of the cache to 0% of the HDD under Internet Options .. General .. Temporary Internet Files .. Settings. This would not save ANY web files.

Good fortune,
Don

Collapse -

Disable browser caching for security?

by memehal In reply to Disable browser caching f ...

Thanks. I have already heard that a hacker could gain some info from these cached pages but have no detail of what info and how that would assist them and place our corporate site at greater risk. Also, the IE options mentioned would be something the end user would set but I'm interested in what we (the website owner) can do. I believe that we can include some parameter in the web page which instructs the browser not to cache the web page.

Collapse -

Disable browser caching for security?

by joeteff In reply to Disable browser caching f ...

It's what may be in those pages. Do you use hidden fields that contain sensative data? Hidden fields are part of the html even though they are not rendered. Do you use querystrings in hyperlinks that contain sensative information? What about developer comments? Cached pages are available for all users of that computer, not just the one that visited the site.

Collapse -

Disable browser caching for security?

by memehal In reply to Disable browser caching f ...

Poster rated this answer

Collapse -

Disable browser caching for security?

by memehal In reply to Disable browser caching f ...

This question was closed by the author

Back to Security Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums