On Wed, 7 Oct 2009 11:24:29 -0400, Mark Schall <schallm2_at_msu.edu> wrote:
> Hi,
>
> My name is Mark Schall. I am a Master student at Michigan State
> University. I am working with a group, trying to work with HTTP
> caches. We were wondering if, in general do HTTP caches work by
> caching data based on the IP addresses or by the URI of the HTTP
In general? I wont dare to guess. Too many ways to do it and too many
different software caches using those ways.
Squid in particular stores them by hash. Older versions used hash of URL.
Newer 2.x use Hash of URL + some Vary: headers and stuff.
> request. It seems that using IP addresses would be the most secure
> means of caching, but the URI seems logical for multiple server
> websites.
I assume by 'secure' you mean 'secure against data leaks'. There is nothing
inherently secure about caching in the first place. The cache admin always
has access to the cached data in intermediary traffic.
What security there is in caching is built on a trust between cache admin
and website admin. The website admin trusts that the cache admin will obey
the CC headers. The cache admin trusts that the website admin will set the
headers correctly (private) to protect sensitive information and also
inform how often objects get replaced etc.
Amos
Received on Thu Oct 08 2009 - 03:17:58 MDT
This archive was generated by hypermail 2.2.0 : Thu Oct 08 2009 - 12:00:02 MDT