Re: tlug: Cache cow security hole

[Scott Stone <sstone@example.com>]

On Thu, 1 Oct 1998, Darren Cook wrote:

> >... And I, the Lord, sayeth unto thee that Netscape's cache is of the
> >Devil.  Ye cannot serve two masters.
> >
> >ie, turn the cache off.  It causes more problems than it solves, unless
> >you have an *extremely* slow link.  Even then, the security is worth it,
> >IMHO.
> 
> By turning off the cache you waste bandwidth and make everyone's link just
> a little bit slower. 

well, it goes back to the 'one bad apple spoils the bushel' theory.  If I
didn't have to worry about security violations from people on the
internet, I'd leave the cache on, most likely.

> 
> Turning off javascript will also stop the problem. Ideally Netscape will
> give us a patch that allows us to just disable parts of javascript (like
> opening new windows in onUnload() and submit() in onLoad()).

That would be helpful.  i wonder how hard it would be to patch the Mozilla
source to do this?

--------------------------------------------------
Scott M. Stone <sstone@example.com, sstone@example.com>
               <sstone@example.com>
Head of TurboLinux Development/Systems Administrator
Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
http://www.pht.com		http://armadillo.pht.co.jp
http://www.pht.co.jp	        http://www.turbolinux.com


---------------------------------------------------------------
Next Meeting: 10 October, 12:30 Tokyo Station Yaesu central gate
Featuring the IMASY Eng. Team on "IPv6 - The Next Generation IP"
Next Nomikai: 20 November, 19:30  Tengu TokyoEkiMae 03-3275-3691
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp