Re: Re: [squid-users] Cache Control: no-store

From: Anderson Onir Schmidt da Silva <anderson@dont-contact.us>
Date: Tue, 22 May 2001 14:10:19 -0300 (BRT)

I know the purpose of the no-store directive and this issues...
But i have a case on this is needed!!!

Tell me how please !

> RFC2616 specifies that caches (all forms, including the one in your
> browser) MUST not ignore no-store, and for very valid reasons.
>
> Best approach to ignore no-store is to question why there is a no-store
> to start with and get it fixed in that end. If you consider the
> information as cacheable then it SHOULD not have been marked as
> no-store in the first place.
>
> Base Squid won't ever intentionally implement a directive to
> selectively override no-store. Doing so would be too gross a violation
> of HTTP specifications.
>
> --
> Henrik Nordstrom
> Squid Hacker
>
>
>
> no-store
> The purpose of the no-store directive is to prevent the
> inadvertent release or retention of sensitive information (for
> example, on backup tapes). The no-store directive applies to the
> entire message, and MAY be sent either in a response or in a
> request. If sent in a request, a cache MUST NOT store any part of
> either this request or any response to it. If sent in a response,
> a cache MUST NOT store any part of either this response or the
> request that elicited it. This directive applies to both non-
> shared and shared caches. "MUST NOT store" in this context means
> that the cache MUST NOT intentionally store the information in
> non-volatile storage, and MUST make a best-effort attempt to
> remove the information from volatile storage as promptly as
> possible after forwarding it.
>
> Even when this directive is associated with a response, users
> might explicitly store such a response outside of the caching
> system (e.g., with a "Save As" dialog). History buffers MAY store
> such responses as part of their normal operation.
>
> The purpose of this directive is to meet the stated requirements
> of certain users and service authors who are concerned about
> accidental releases of information via unanticipated accesses to
> cache data structures. While the use of this directive might
> improve privacy in some cases, we caution that it is NOT in any
> way a reliable or sufficient mechanism for ensuring privacy. In
> particular, malicious or compromised caches might not recognize
> or obey this directive, and communications networks might be
> vulnerable to eavesdropping.
>
>
>
>
> Anderson Onir Schmidt da Silva wrote:
>>
>> Hello,
>>
>> How i tell to Squid ignore the Cache Control: no-store Header ???
>>
>> []'s Anderson Onir

[]'s Anderson Onir
Received on Tue May 22 2001 - 11:08:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:14 MST