Atozed Forums
Anti-caching techniques - Printable Version


Anti-caching techniques - joel - 04-12-2018

I was wondering if anyone is using any anti-caching techniques for security reasons that they could share.


RE: Anti-caching techniques - kudzu - 04-12-2018

Anti caching of what?


RE: Anti-caching techniques - joel - 04-12-2018

(04-12-2018, 01:56 PM)kudzu Wrote: Anti caching of what?

If I have sensitive data being displayed in an IW form, is it possible to tell the browser to not save any of it to the browser cache so that the sensitive data is not stored on the disk? (We have the browser history button turned off so there is no need to use the browser back button to try and access anything.)

There are some HTTP headers that can be set like Pragma no-cache and cache-control: no-cache, but I am not really sure how well these work.

Then, I noticed that in the servercontroller->afterDispatch there are the following properties. If I set these, will the HTTP reply contain the proper headers?

aReply.Allowcaching 
aReply.Expires
aReply.CacheControlEnabled


RE: Anti-caching techniques - kudzu - 04-12-2018

By default forms are not cached anyway. The only content that normally is cached are resources you might reference in a form such as static images etc.

If you are serving content via a content handler, that can be and often is cached. Those items you listed, in the case of content handlers, can tell the browser not to cache them.

In the end though, browsers can and will cache things in the short term, as it's just how they work. However, once a page is gone and the resources to it are no longer needed, then if you have specified no cache it should dispose of them.

You can use the browser debuggers to look at resources and the headers sent down the pipe for each.

In Chrome you can observe the cache with:
chrome://cache/

or a plugin (not tested, just found it in Google) like this:
https://chrome.google.com/webstore/detail/web-cache-viewer/pbkloffickinnlnmefmjmjbacohecpbd?hl=en

If you are not using SSL, that can help as well with security and caching in some cases.

In short, disable caching as per above and then observe and report using manual inspection.