- From: <Dominic.Chambers@mimesweeper.com>
- Date: Thu, 9 Apr 1998 11:49:12 +0100 (BST)
- To: http-wg-request@cuckoo.hpl.hp.com
> I 'm working in resolve the problem of copyright, that is violated
> with catching. If I pay for a subscription, and connect to get
> information copyrighted, the page will be cached in the proxy, and
> every one else could see it.
> If the server sends an http header with "no-cache", the problem
> would be resolved?
> Please, let me know how to get extra information about this issue.
> Thanks
> M Eugenia Riggi
This problem affects any recources that have access restrictions
applied to them. As you mention, a pragma: no-cache header (HTTP/1.0)
solves the problem, but means that you can not cache the data
privately. A cache-control: private header (HTTP/1.1) is better
because the data can now be cached on private caches (usually the
browser). In the future, an extension to the private cache control
header may be avialbale so that shared caches can cache data that has
access restrictions, and ensure that that data is not forwarded to
people that do not have access rights (see
<http://www.ics.uci.edu/pub/ietf/http/draft-melve-cachecontrol-00.txt>
for info.).
However, you should also consider that if the data is sent unencrypted
that people snooping the network connections or those with the ability
to snoop the caching directories on the proxies cache, will also be
able to view the data. If the data is extremely sensitive, encryption
should be used, and the cache-control: no-store header should be used
so that the data is not stored on non-volatile storage in an
unencrypted form, and is removed from volatile storage as soon as is
possible.
Hope thats of use,
Dominic.
**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify Content Technologies
on +44 118 9301300.
This message has been generated by MIMEsweeper and certifies that the message and attachments have been swept for all known and recorded computer viruses.
MIMEsweeper 3.x protects your organization from content borne threats and malicious intent. Combined with firewalls MIMEsweeper provides a comprehensive network security solution.
For information regarding the MIMEsweeper family of products:
Phone: +44 118 9301300
Fax: +44 118 9301301
Email: info@mimesweeper.com
Support:msw.support@mimesweeper.com
World Wide Web: http://www.mimesweeper.com
MIMEsweeper: Content Security for Networks
**********************************************************************
please notify Content Technologies
on +44 118 9301300.
This message has been generated by MIMEsweeper and certifies that the message and attachments have been swept for all known and recorded computer viruses.
MIMEsweeper 3.x protects your organization from content borne threats and malicious intent. Combined with firewalls MIMEsweeper provides a comprehensive network security solution.
For information regarding the MIMEsweeper family of products:
Phone: +44 118 9301300
Fax: +44 118 9301301
Email: info@mimesweeper.com
Support:msw.support@mimesweeper.com
World Wide Web: http://www.mimesweeper.com
MIMEsweeper: Content Security for Networks
**********************************************************************
Received on Thursday, 9 April 1998 06:17:49 UTC