- From: <Dominic.Chambers@mimesweeper.com>
- Date: Thu, 9 Apr 1998 11:49:12 +0100 (BST)
- To: http-wg-request@cuckoo.hpl.hp.com
> I 'm working in resolve the problem of copyright, that is violated > with catching. If I pay for a subscription, and connect to get > information copyrighted, the page will be cached in the proxy, and > every one else could see it. > If the server sends an http header with "no-cache", the problem > would be resolved? > Please, let me know how to get extra information about this issue. > Thanks > M Eugenia Riggi This problem affects any recources that have access restrictions applied to them. As you mention, a pragma: no-cache header (HTTP/1.0) solves the problem, but means that you can not cache the data privately. A cache-control: private header (HTTP/1.1) is better because the data can now be cached on private caches (usually the browser). In the future, an extension to the private cache control header may be avialbale so that shared caches can cache data that has access restrictions, and ensure that that data is not forwarded to people that do not have access rights (see <http://www.ics.uci.edu/pub/ietf/http/draft-melve-cachecontrol-00.txt> for info.). However, you should also consider that if the data is sent unencrypted that people snooping the network connections or those with the ability to snoop the caching directories on the proxies cache, will also be able to view the data. If the data is extremely sensitive, encryption should be used, and the cache-control: no-store header should be used so that the data is not stored on non-volatile storage in an unencrypted form, and is removed from volatile storage as soon as is possible. Hope thats of use, Dominic. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify Content Technologies on +44 118 9301300. This message has been generated by MIMEsweeper and certifies that the message and attachments have been swept for all known and recorded computer viruses. MIMEsweeper 3.x protects your organization from content borne threats and malicious intent. Combined with firewalls MIMEsweeper provides a comprehensive network security solution. For information regarding the MIMEsweeper family of products: Phone: +44 118 9301300 Fax: +44 118 9301301 Email: info@mimesweeper.com Support:msw.support@mimesweeper.com World Wide Web: http://www.mimesweeper.com MIMEsweeper: Content Security for Networks ********************************************************************** please notify Content Technologies on +44 118 9301300. This message has been generated by MIMEsweeper and certifies that the message and attachments have been swept for all known and recorded computer viruses. MIMEsweeper 3.x protects your organization from content borne threats and malicious intent. Combined with firewalls MIMEsweeper provides a comprehensive network security solution. For information regarding the MIMEsweeper family of products: Phone: +44 118 9301300 Fax: +44 118 9301301 Email: info@mimesweeper.com Support:msw.support@mimesweeper.com World Wide Web: http://www.mimesweeper.com MIMEsweeper: Content Security for Networks **********************************************************************
Received on Thursday, 9 April 1998 06:17:49 UTC