[prev in list] [next in list] [prev in thread] [next in thread]
List: squid-dev
Subject: Re: Does no-store in request imply no-cache?
From: Mark Nottingham <mnot () yahoo-inc ! com>
Date: 2010-09-23 0:18:34
Message-ID: 44EFE7C0-E7FB-4C67-875E-A9F6842D9A93 () yahoo-inc ! com
[Download RAW message or body]
On 23/09/2010, at 9:47 AM, Alex Rousskov wrote:
>
> Hi Mark,
>
> Let's assume the above is correct and Squid satisfied the no-store request from the \
> cache. Should Squid purge the cached response afterwards?
> If Squid does not purge, the next regular request will get the same
> cached response as the no-store request got, kind of violating the "MUST NOT store \
> any response to it" no-store requirement.
Sort of, but not really. I agree this could be worded better; we'll work on it.
> If Squid purges, it is kind of silly because earlier requests could have gotten the \
> same "sensitive" information before the no-store request came and declared the \
> already cached information "sensitive".
Agreed.
This has been discussed in the WG before (can't remember the ref); basically, it \
boiled down to each request being independent; you don't want requests affecting \
other ones (beyond anything, it's a security issue if you allow clients to purge your \
cache indescriminantly).
--
Mark Nottingham mnot@yahoo-inc.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic