[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Fwd) SECURITY ALERT: Password protection bug in Netsca



Jeff writes:
> This report is mostly bogus.  Netscape does not, and never
> has stored http auth passwords in files on your disk.  However
> we do cache documents from servers that use http auth.
> In this case the user had their preferences set to check the
> host site for updated content "once per session".  There is
> a bug, which we are fixing before 2.0 ships, that if the
> auth fails the document should be removed from the cache but
> was not. If the user had set their cache checking to "never",
> then if the document is in the cache, it will always be shown to
> the user, since no connection is made to the server.
 
>   Content providers who don't want their web pages cached
> should use the 'Pragma: no-cache' http header.  This will
> tell the navigator to not save the document in the disk cache.
> 
> 	--Jeff

Thanks for clearing that up - I see you've already been over to 
www-security. The fast response Netscape (and in particular, 
you yourself) make to reported problems is something I'm very
pleased to see.

Peter Trei
[email protected]