Re: CFNetwork caching HTTPS
Re: CFNetwork caching HTTPS
- Subject: Re: CFNetwork caching HTTPS
- From: Jens Alfke <email@hidden>
- Date: Thu, 29 May 2008 12:02:10 -0700
On 29 May '08, at 11:44 AM, Scott Royston wrote:
Firefox caches HTTPS responses as well. I have only noticed this
problem with Safari.
Caching HTTPS responses* could be seen as a security issue, since
they'd be stored in cleartext in the CFNetwork HTTP cache file. (That
file is per-user and not readable to other users, but that still
worries some people.)
The HTTP 1.1 RFC goes into exhaustive detail about what should and
shouldn't be cached, and it probably has something to say about HTTPS
responses, if someone wants to check.
—Jens
* Actually, in-memory per-session caching would be OK. It's just
persistent caching that has security implications.Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden