Re: Client Caching -- Was: Re: Network Abuse by Netscape?

Brian Behlendorf (brian@wired.com)
Tue, 1 Nov 1994 16:48:53 +0100

On Mon, 31 Oct 1994, John Kilburg wrote:
> >>[stuff about client caching]
> >
> > It's a good idea to cache document, but warning some documents are
> >protected : don't store these documents in the cache with a mode "644"
> >
> > Also, I like give an "username/password" when I access a protected
> >document for the first time, even if the document is in the cache.
> >
> >Guy Decoux
>
> I saw your comments about chimera (Brian B. sent them to me)...chimera
> 1.61 and above no longer caches documents that require authentication.
>
> This was not the smartest thing to do but it is safer and easy.

It's possible to use user authentication in an if-modified-since request,
yes? If so then the following should work:

C: "Is this user/pass combo allowed to have this document?"
S: "Yes."
or
S: "No." connection closed.

C: "Has it been changed?"
S: "Yes, here it is." ...document....
S: "No." connection closed.

I see lots of 304's in my access logs with user names attached so I know
some browser out there is doing this right....

With local caching the only problem is if there's data in the
user-authenticated pages you don't want others to see (which is probably
true if it's under authentication in the first place), which makes the
security of the cache itself an issue. Hmmm.

Brian