Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: CFNetwork caching HTTPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CFNetwork caching HTTPS

Subject: Re: CFNetwork caching HTTPS
From: "Scott Royston" <email@hidden>
Date: Thu, 29 May 2008 15:44:09 -0500

Looking at the RFC, they mention the distinction between 'shared' and 'non-shared' caches (section 13.9), but the determination of whether to cache or not is mainly dictated by the Cache-Control header new to 1.1.

On Thu, May 29, 2008 at 2:02 PM, Jens Alfke <email@hidden> wrote:

On 29 May '08, at 11:44 AM, Scott Royston wrote:

Firefox caches HTTPS responses as well. I have only noticed this problem with Safari.

Caching HTTPS responses* could be seen as a security issue, since they'd be stored in cleartext in the CFNetwork HTTP cache file. (That file is per-user and not readable to other users, but that still worries some people.)

The HTTP 1.1 RFC goes into exhaustive detail about what should and shouldn't be cached, and it probably has something to say about HTTPS responses, if someone wants to check.

—Jens

* Actually, in-memory per-session caching would be OK. It's just persistent caching that has security implications.

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

References:
	>CFNetwork caching HTTPS (From: "Scott Royston" <email@hidden>)
	>Re: CFNetwork caching HTTPS (From: Ladd Van Tol <email@hidden>)
	>Re: CFNetwork caching HTTPS (From: "Scott Royston" <email@hidden>)
	>Re: CFNetwork caching HTTPS (From: Jens Alfke <email@hidden>)

Prev by Date: Re: SCTP? YES!
Next by Date: Re: SCTP? YES!
Previous by thread: Re: CFNetwork caching HTTPS
Next by thread: Does CFWriteStream coalesce writes?
Index(es):
- Date
- Thread