- From: Anselm Baird_Smith <abaird@www43.inria.fr>
- Date: Wed, 12 Mar 1997 08:05:25 +0100 (MET)
- To: Ingo Macherius <Ingo.Macherius@tu-clausthal.de>
- Cc: eric_anderson@MENTORG.COM (Eric Anderson), www-jigsaw@w3.org
Ingo Macherius writes:
>
> > > 1. Is it possible to post a homepage on the Intranet and keep REMOTE1
> > > and REMOTE2 from viewing it? NAME doesn't want joint ventures to view
> > > sensitive information but wants everyone else to have access.
> [...]
> > The disadvantage is that you only have a general idea about who is accessing
> > your server and you trust the security at REMOTE3 whom you trust to keep a
> > user of REMOTE1 from using REMOTE3 to view your pages.
>
> I experienced an unforeseen quirk in a similar situation:
> REMOTE1 shared a (Squid) Cache with someone who was allowed to see the
> pages. So the pages were spread through the whole cache hierarchy, even if
> no one was allowed to see them directly. So you should set up a "NoCache"
> pragma. A malicious cache is able to ignore this, so beware ...

I fixed that bug in Jigsaw proxy recently (it's really an HTTP/1.0 bug, that
is cleanly solved in HTTP/1.1, check the various attributes of the
GenericAuthFilter - private, public, etc).

BTW Jigsaw proxy does support ICP (proxy-to-proxy Squid protocol). As of
1.0alpha5 it still has some bugs, I have spent the last couple of days "fixing"
them.

Anselm.
Received on Wednesday, 12 March 1997 02:05:35 UTC
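
The shared-cache leak discussed in this message, as an added example that is not part of the original mail or of Jigsaw's code: a simplified Python check of the HTTP/1.1 rule (RFC 9111, sections 3 and 3.5) for when a shared cache may store a response. The function names and sample headers are constructed for illustration, and treating a response `Pragma: no-cache` as do-not-store is an assumption of this example.

```python
"""Added example: may a shared (proxy) cache store this response?"""

def parse_cache_control(value):
    """Return {directive: argument-or-None}, directive names lower-cased.
    Simplified: splits on commas, so quoted arguments containing commas
    are not parsed exactly (the directive name is still detected)."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def shared_cache_may_store(request_headers, response_headers):
    """Return (allowed, reason) for a conforming shared cache."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))

    if "no-store" in cc:
        return False, "no-store"
    # Simplified: private with a field-name argument is treated as fully private.
    if "private" in cc:
        return False, "private"
    # Assumption of this example: with no Cache-Control at all, honour an
    # HTTP/1.0-style "Pragma: no-cache" on the response as do-not-store.
    if not cc and "no-cache" in resp.get("pragma", "").lower():
        return False, "pragma no-cache"
    # The case from the thread: the page was fetched with credentials, so a
    # shared cache needs explicit permission before serving it to others.
    if "authorization" in req:
        if cc.keys() & {"public", "must-revalidate", "s-maxage"}:
            return True, "authenticated response explicitly shareable"
        return False, "authorization without explicit permission"
    return True, "no restriction"

if __name__ == "__main__":
    auth = {"Authorization": "Basic constructed-sample"}  # constructed value
    cases = [  # constructed request/response header pairs
        (auth, {"Content-Type": "text/html"}),
        (auth, {"Cache-Control": "public, max-age=60"}),
        ({}, {"Cache-Control": "private"}),
        ({}, {"Pragma": "no-cache"}),
    ]
    for req, resp in cases:
        print(req, resp, "->", shared_cache_may_store(req, resp))
```

This models a conforming cache only; as the quoted message notes, a cache that ignores the directives is not constrained by them.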