Re: [squid-users] Cache Control: no-store from Henrik Nordstrom on 2001-05-21 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 22 May 2001 02:18:28 +0200

RFC2616 specifies that caches (all forms, including the one in your
browser) MUST not ignore no-store, and for very valid reasons.

Best approach to ignore no-store is to question why there is a no-store
to start with and get it fixed in that end. If you consider the
information as cacheable then it SHOULD not have been marked as no-store
in the first place.

Base Squid won't ever intentionally implement a directive to selectively
override no-store. Doing so would be too gross a violation of HTTP
specifications.

--
Henrik Nordstrom
Squid Hacker
   no-store
      The purpose of the no-store directive is to prevent the
      inadvertent release or retention of sensitive information (for
      example, on backup tapes). The no-store directive applies to the
      entire message, and MAY be sent either in a response or in a
      request. If sent in a request, a cache MUST NOT store any part of
      either this request or any response to it. If sent in a response,
      a cache MUST NOT store any part of either this response or the
      request that elicited it. This directive applies to both non-
      shared and shared caches. "MUST NOT store" in this context means
      that the cache MUST NOT intentionally store the information in
      non-volatile storage, and MUST make a best-effort attempt to
      remove the information from volatile storage as promptly as
      possible after forwarding it.
      Even when this directive is associated with a response, users
      might explicitly store such a response outside of the caching
      system (e.g., with a "Save As" dialog). History buffers MAY store
      such responses as part of their normal operation.
      The purpose of this directive is to meet the stated requirements
      of certain users and service authors who are concerned about
      accidental releases of information via unanticipated accesses to
      cache data structures. While the use of this directive might
      improve privacy in some cases, we caution that it is NOT in any
      way a reliable or sufficient mechanism for ensuring privacy. In
      particular, malicious or compromised caches might not recognize or
      obey this directive, and communications networks might be
      vulnerable to eavesdropping.
Anderson Onir Schmidt da Silva wrote:
> 
> Hello,
> 
> How i tell to Squid ignore the Cache Control: no-store Header ???
> 
> []'s Anderson Onir

Received on Mon May 21 2001 - 18:25:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:13 MST