Re: (Fwd) SECURITY ALERT: Password protection bug in Netsca
Jeff writes:
> This report is mostly bogus. Netscape does not, and never
> has stored http auth passwords in files on your disk. However
> we do cache documents from servers that use http auth.
> In this case the user had their preferences set to check the
> host site for updated content "once per session". There is
> a bug, which we are fixing before 2.0 ships, that if the
> auth fails the document should be removed from the cache but
> was not. If the user had set their cache checking to "never",
> then if the document is in the cache, it will always be shown to
> the user, since no connection is made to the server.
> Content providers who don't want their web pages cached
> should use the 'Pragma: no-cache' http header. This will
> tell the navigator to not save the document in the disk cache.
>
> --Jeff
Thanks for clearing that up - I see you've already been over to
www-security. The fast response Netscape (and in particular,
you yourself) make to reported problems is something I'm very
pleased to see.
Peter Trei
[email protected]
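
The cache behaviour described in the quoted reply, modelled as an added Python example (not Netscape's code and not part of either message). The class, its fields and the URL are hypothetical, and it assumes that a document left in the cache after a failed auth is served on the next request in the same session.

```python
from dataclasses import dataclass, field

@dataclass
class Response:
    status: int
    body: str = ""
    headers: dict = field(default_factory=dict)

class DiskCache:
    """Toy model of a browser disk cache with a revalidation preference."""
    def __init__(self, check="once_per_session", evict_on_auth_failure=True):
        self.check = check                        # "once_per_session" or "never"
        self.evict_on_auth_failure = evict_on_auth_failure  # False = the described bug
        self.store = {}                           # url -> cached body
        self.checked = set()                      # urls already revalidated this session

    def new_session(self):
        self.checked.clear()

    def fetch(self, url, origin):
        """origin(url) -> Response stands in for the authenticated network request."""
        if url in self.store and (self.check == "never" or url in self.checked):
            return self.store[url]                # served with no connection to the server
        resp = origin(url)
        self.checked.add(url)
        if resp.status == 401:
            if self.evict_on_auth_failure:
                self.store.pop(url, None)         # fixed behaviour: drop the stale copy
            return None
        pragma = {k.lower(): v.lower() for k, v in resp.headers.items()}.get("pragma", "")
        if "no-cache" in pragma:
            self.store.pop(url, None)             # provider opted out of disk caching
        else:
            self.store[url] = resp.body
        return resp.body

def replay(cache, headers=None):
    """Session 1: auth succeeds. Session 2: auth is rejected, then the page is reloaded."""
    url = "http://intranet.example/report.html"   # constructed URL
    ok = lambda u: Response(200, "secret report", headers or {})
    denied = lambda u: Response(401)
    cache.fetch(url, ok)
    cache.new_session()
    return cache.fetch(url, denied), cache.fetch(url, denied)

if __name__ == "__main__":
    print("bug:     ", replay(DiskCache(evict_on_auth_failure=False)))
    print("fixed:   ", replay(DiskCache()))
    print("never:   ", replay(DiskCache(check="never")))
    print("no-cache:", replay(DiskCache(evict_on_auth_failure=False), {"Pragma": "no-cache"}))
```
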