We have had an external company produce a security risk report on our web app, and they stated that allowing cacheable HTTPS responses is a ‘moderate’ security risk.
Would people agree with this assessment?
If the data genuinely needs to be secure, then caching it seems like a bad idea.
For example, if it is, say, the bank details of a user, then if that is cached on the server, that is another place (in addition to the database where the data is stored) that is at risk of cracking.
If it does not genuinely need to be secure, and it is just passed over HTTPS along with stuff that does need to be secure and is not cached (like images in the page served over HTTPS), then I think that is absolutely fine.
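The distinction the answer draws (mark genuinely sensitive responses as non-cacheable, let static assets be cached) is usually enforced with the `Cache-Control` header. The following is an added example, not code from the question or the answer: it returns the headers a server should attach for a route, parses `Cache-Control` the way a proxy would, and audits a set of responses for exactly the finding an assessor would report (a per-user response that a cache is allowed to keep). The route prefixes and the sample responses are constructed for illustration.

```python
"""Added example: choose and audit Cache-Control headers for HTTPS responses.

Route prefixes, header policy and the SAMPLE_RESPONSES below are constructed
assumptions for illustration, not taken from any real application.
"""
from typing import Dict, Tuple

# Assumed: routes that carry per-user or secret data and must never be stored
# by a browser, proxy or CDN cache.
SENSITIVE_PREFIXES = ("/account", "/api/", "/bank")


def cache_headers_for(path: str) -> Dict[str, str]:
    """Headers a server should attach to a response for `path`.

    Sensitive routes get `no-store` (nothing, not even the browser, may keep a
    copy on disk); versioned static assets may be cached by shared caches.
    """
    if path.startswith(SENSITIVE_PREFIXES):
        return {
            "Cache-Control": "no-store",  # forbid writing the response to any cache
            "Pragma": "no-cache",         # for legacy HTTP/1.0 intermediaries
        }
    # Static assets with a content hash in the name can be cached for a day
    # and marked immutable, since a changed file gets a new URL.
    return {"Cache-Control": "public, max-age=86400, immutable"}


def parse_cache_control(value: str) -> Dict[str, str]:
    """Parse 'no-store, max-age=0' into {'no-store': '', 'max-age': '0'}."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip().lower()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip()] = arg.strip().strip('"')
    return directives


def is_cacheable_by_shared_cache(headers: Dict[str, str]) -> bool:
    """True if a shared cache (proxy, CDN) is permitted to store the response.

    Only `no-store` and `private` are treated as forbidding shared storage;
    anything else (including a missing header) is considered cacheable,
    which is the conservative view an auditor takes.
    """
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    return not ("no-store" in cc or "private" in cc)


def audit(path: str, headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (ok, message) for one response.

    The failing case is the one a risk report flags: a sensitive route whose
    response lacks `no-store`, so some cache may retain a copy of the data.
    """
    sensitive = path.startswith(SENSITIVE_PREFIXES)
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if sensitive and "no-store" not in cc:
        return False, f"{path}: sensitive response lacks no-store"
    if not sensitive and not is_cacheable_by_shared_cache(headers):
        return True, f"{path}: static asset not cacheable (performance only, not a security issue)"
    return True, f"{path}: ok"


# Constructed sample responses, as an assessor might have captured them.
SAMPLE_RESPONSES = {
    "/account/statement": {"Cache-Control": "max-age=600"},          # the finding
    "/account/settings": {"Cache-Control": "no-store"},              # correct
    "/static/app.abc123.js": {"Cache-Control": "public, max-age=86400"},
}


def audit_all(responses: Dict[str, Dict[str, str]] = SAMPLE_RESPONSES) -> Dict[str, Tuple[bool, str]]:
    """Audit every sample response; maps path -> (ok, message)."""
    return {path: audit(path, hdrs) for path, hdrs in responses.items()}


if __name__ == "__main__":
    for path, (ok, msg) in audit_all().items():
        print("PASS" if ok else "FAIL", msg)
```

Run as a script it prints one line per sample response; only `/account/statement` fails, because a 600-second `max-age` on a per-user statement lets a browser cache on a shared machine, or a misconfigured proxy, hand the page back to someone else. Setting `no-store` on such routes addresses the finding without touching the caching of static assets.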