W3C home > Mailing lists > Public > www-jigsaw@w3.org > March to April 1997

Re: Can Jigsaw do this?

From: Ingo Macherius <Ingo.Macherius@tu-clausthal.de>
Date: Tue, 11 Mar 1997 19:17:27 +0100 (MET)
Message-Id: <199703111817.TAA21883@kneipfix.rz.tu-clausthal.de>
To: eric_anderson@MENTORG.COM (Eric Anderson)
Cc: www-jigsaw@w3.org

> >      1. Is it possible to post a homepage on the Intranet and keep REMOTE1 
> >      and REMOTE2 from viewing it? NAME doesn't want joint ventures to view 
> >      sensitive information but wants everyone else to have access.
[...]
> The disadvanatge is that you only have a general idea about who is accessing
> your server and you trust the security at REMOTE3 whom you trust to keep a
> user of REMOTE1 from using REMOTE3 to view your pages.

I experienced an unforseen quirk in a similar situation: 
REMOTE1 shared a (Squid) Cache with someone who was allowed to see the
pages. So the pages were spread trough the whole cache hierarchie, even if
no one was allowed to see them directly. So you should set up a "NoCache"
pragma. A malicious cache is able to ignore this, so beware ...

	++im
-- 
Snail : Ingo Macherius // L'Aigler Platz 4 // D-38678 Clausthal-Zellerfeld
Mail  : Ingo.Macherius@tu-clausthal.de WWW: http://www.tu-clausthal.de/~inim/
Information!=Knowledge!=Wisdom!=Truth!=Beauty!=Love!=Music==BEST (Frank Zappa)
Received on Tuesday, 11 March 1997 13:17:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:26 GMT