We want to "prevent the inadvertent release or retention of sensitive information (for example, on backup tapes :) )" and plan to use the HTTP header Cache-control: no-store. What are the down-sides of doing so? From the spec, it appears caching will continue to operate - it just cannot use non-volatile storage. In order to choose which responses to specify no-store on, we have some measure of "sensitivity." What is the counterbalancing measure we should use - in other words, why not mark all pages no-store?
-
Performance decreases come to mind. But once you send something to a browser, you don't control it anymore, so I'm not sure what manipulating the cache policy is going to accomplish. – Robert Harvey May 13 '13 at 23:15
-
It has been requested we prevent an interloper with access to the user's machine (and therefore the browser cache files on disk) from accessing the sensitive page. Most modern browsers seem to understand and do something sane with the `no-store` directive. – John Y. May 13 '13 at 23:54
1 Answer
By using the store, the client has a local cache that they can use. This cache gives them a performance boost and decreases the load on your own server.
In your case, I think it makes sense to have sensitive pages sent with no caching.
I believe another technical problem with no-store (and this is more of a weird side effect) is that older versions of IE have problems with the Content-Disposition header with caching turned off. The behavior is such that the download prompt will indefinitely have 0% progress.
One misconception about no-caching policies is that the browser will actually honor it and not save it to disk. This is not true - many modern browsers actually cache all responses to disk (See this SO). However, this cache is encrypted in those cases.
Overall, I think it's safe to do so. Make sure you're not relying on this mechanism; as @Robert Harvey says, once you send it over, you're at the mercy of the browser as to how it wants to save it.
-
Thanks. Your first paragraph is what I figured, but it's tough to measure. In our app, there is a LOT of sensitive information and caching is very useful. We are hoping we can keep the caching and avoid the disk storage in a balanced way. And yes, I am clear this is not a complete security fix. If a bad person has access to the user's account, they could replace the browser with something that would do with the data whatever they please, for example. I am trying to make it more complicated to find this information in the circumstance. The security of the machine cannot be guaranteed. – John Y. May 15 '13 at 18:02
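One way to apply the trade-off discussed in this thread on the server side, as an added example that is not code from any of the posters: a WSGI middleware that sends `no-store` by default and allows caching only for explicitly listed routes. The route prefixes, cache lifetimes, `demo_app` and the `flagged_downloads` list (which records `no-store` responses that also carry `Content-Disposition`, the combination the answer says older IE mishandles) are assumptions of this example.

```python
# Added example. Route prefixes and lifetimes are assumptions, not from the thread.
CACHEABLE = {                      # allowlist: path prefix -> Cache-Control value
    "/static/": "public, max-age=86400",
    "/help/": "private, max-age=300",
}
DEFAULT_POLICY = "no-store"        # anything unclassified is treated as sensitive

def cache_policy(path):
    """Pick the Cache-Control value for a request path (fails closed)."""
    for prefix, value in CACHEABLE.items():
        if path.startswith(prefix):
            return value
    return DEFAULT_POLICY

class CachePolicyMiddleware:
    """Makes cache_policy() the only source of the Cache-Control header."""
    def __init__(self, app):
        self.app = app
        self.flagged_downloads = []  # no-store + Content-Disposition: test in older IE

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        policy = cache_policy(path)

        def patched(status, headers, exc_info=None):
            # Drop whatever the application set so two values cannot conflict.
            kept = [(k, v) for k, v in headers if k.lower() != "cache-control"]
            kept.append(("Cache-Control", policy))
            names = {k.lower() for k, _ in kept}
            if policy == "no-store" and "content-disposition" in names:
                self.flagged_downloads.append(path)
            return start_response(status, kept, exc_info)

        return self.app(environ, patched)

def demo_app(environ, start_response):
    """Constructed app: every response asks to be cached and is a download."""
    start_response("200 OK", [("Cache-Control", "max-age=3600"),
                              ("Content-Disposition", "attachment; filename=r.csv")])
    return [b"constructed body"]

def headers_for(middleware, path):
    """Run one constructed request through the middleware; return its headers."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update(headers)
    list(middleware({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured
```

Listing the cacheable routes rather than the sensitive ones means a new page that nobody classified is sent with `no-store`, and the cost shows up as lost caching rather than as data left on disk.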