-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

cofe-mail at hushmail.com wrote:
| As everybody seems keen on beefing up fproxy all of a sudden, here's a
| few suggestions for some little changes you all might like to consider,
|
| 1) Death to the evil browser cache.
|
| For all the security Freenet provides, browsing freesites still leaves
| a trail of cached pages behind. I'm sure there must be some HTTP
| directive to instruct the browser to not cache pages, but unfortunately
| I can't think of it right now. Also, if this feature can be added,
| please make it optional, as some strange people may actually like the
| caching behaviour kept as it is.
|

The PHP documentation pages advise using the following PHP code for this:
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");  // always modified
header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");                          // HTTP/1.0

False as the second parameter means not to replace the previous header
but to add another.

Compliant browsers shouldn't cache pages then, but this brings another
annoyance: View source doesn't always work with some browsers, and
pressing the back button brings up a page saying that the previous page
has expired from the cache, etc.

| 2) SSL Freesite browsing.
|
| I seem to dimly recall this being discussed a long time ago now, and I
| forget why it never actually came to anything. Although I do notice
| some old SSL interface code still lurking around the Freenet source
| tree, seemingly doing nothing.
|
| As there seem to be quite a few people who like to leave their nodes
| running 24/7, and access them from remote locations during the day,
| leaving fproxy without a secure socket option seems like a serious
| omission IMHO.
|
| Additionally, SSL browsing does have the extra bonus feature that
| most 'good' browsers will not cache SSL documents by default, and are
| careful about cleaning up any other little temp files that might be
| sitting around. So this ties in with the previous caching issue quite
| nicely I think.

.. so this only adds the safe remote surfing when using the right headers.

- - Jukka
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9ch0yYYWM2XTSwX0RAk0JAJ0QZEdLHWHGCaUPhOzW510HoLndnwCdHO7i
bcOOGE2HP83meDeKn2v/rJI=
=OBic
-----END PGP SIGNATURE-----


_______________________________________________
devl mailing list
devl at freenetproject.org
http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
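
Added example, not part of the original message or of fproxy: a small Python model of the header() calls quoted above, showing why the second Cache-Control call has to append rather than replace. The function names and the replace/append model are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def php_calls(second_replaces):
    """Constructed model of the header() calls in the message (Last-Modified omitted)."""
    return [
        ("Expires", "Mon, 26 Jul 1997 05:00:00 GMT", True),
        ("Cache-Control", "no-store, no-cache, must-revalidate", True),
        # header(..., false) appends; the default (true) replaces.
        ("Cache-Control", "post-check=0, pre-check=0", second_replaces),
        ("Pragma", "no-cache", True),
    ]


def apply_headers(calls):
    """Return the (name, value) lines sent after PHP-style replace/append handling."""
    sent = []
    for name, value, replace in calls:
        if replace:
            sent = [(n, v) for n, v in sent if n.lower() != name.lower()]
        sent.append((name, value))
    return sent


def audit(sent, now=None):
    """Report which anti-caching mechanisms the response still carries."""
    now = now or datetime.now(timezone.utc)
    directives, pragma, expired = set(), False, False
    for name, value in sent:
        key = name.lower()
        if key == "cache-control":  # repeated lines combine into one directive list
            directives |= {p.strip().split("=", 1)[0].lower() for p in value.split(",")}
        elif key == "pragma":
            pragma = "no-cache" in value.lower()
        elif key == "expires":
            try:
                when = parsedate_to_datetime(value)
                if when.tzinfo is None:
                    when = when.replace(tzinfo=timezone.utc)
                expired = when <= now
            except (TypeError, ValueError):
                expired = True  # an unparseable Expires value counts as already expired
    return {"no_store": "no-store" in directives, "pragma_no_cache": pragma,
            "expires_in_past": expired}


if __name__ == "__main__":
    print("appended:", audit(apply_headers(php_calls(False))))
    print("replaced:", audit(apply_headers(php_calls(True))))
```

With the second call replacing instead of appending, the no-store directive is dropped and only the Pragma and Expires lines remain to discourage caching.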
