httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject RE: preventing confidential data from being cached in a form
Date Mon, 18 Feb 2002 18:42:45 GMT

> From: Greene Paul [mailto:greene_paul@bah.com]

> Is there a way to prevent form data from being saved in a web browser
> cache?
>
> In other words, a form on a web page is set up to collect confidential
> data from a client. I want to prevent that data from being cached on
> either the Apache web server end, or on the client web browser end, once
> the data is submitted in order to guarantee that it cannot be viewed by
> another user.
>
> Is that possible to do?

There are lots of ways to give hints to browsers about how to handle
caching.  See the HTTP/1.1 specification for information about Cache-Control
and Expires headers.  Of course, the browser is always free to do whatever
they want.

Probably the best way to do what you are asking is to use SSL to send the
data.  This will protect it in transit, plus it lets the browser know that
it is sensitive.  Most browsers won't cache SSL data, and proxies will not
even have the opportunity.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message