Hi, all,

Sorry for cross-posting this to the list and the forums, but I am in 
desperate need of some guidance here (I have researched the web for the last 
24 hours, almost continuously, to no avail).

My company has recently deployed self-service apps (started with the HR 
"module"), and we discovered that a problem with utilizing this system, 
especially in areas where PCs are shared, consists in the ability of users to 
choose methods as simple as (in MS Explorer, for example): work offline --> 
then history --> then picking on previously visited pages and looking at other 
people's info, regardless of whether previous users have logged off the 
application properly, or not.

We have found solutions at the browser level (e.g. as we are running SSL - 
just keeping encrypted pages from being saved, by doing the following in IE: 
Tools --> Internet Options ... --> Advanced --> Security --> Do not save 
encrypted pages to disk - and even found ways to deploy this via a registry 
hack through the login script) on how to keep this from happening, but 
sophisticated users will always undo those changes, aside from the 
administrative nightmare such solutions would require across multi-thousand 
multi-country PCs (thus browsers) deployment.

As we are running Apache at the server end, I was wondering if anyone would 
have a good recommendation for forcing the "non-caching"/"non-history 
keeping" of such pages. I am aware of the possibility of utilizing Metatags 
and/or Pragmas (e.g. expiration forced, etc.) in "static HTML", but this 
won't work properly in the environment of dynamically created pages as in the 
self-service apps of Oracle ... so - has anybody ever run across this problem 
(I would see it as a basic security requirement, but couldn't find any docs 
discussing it)? How did you address it?

TIA,
Stef
Author: stef
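
A server-side way to get the non-caching behaviour the post asks about, as an added example that is not part of the original message: Apache's mod_headers can attach cache-control response headers to every page under the application's URL, including dynamically generated ones. The `/selfservice` prefix is a hypothetical placeholder for wherever the application is served.

```apache
# Added example, not from the original post.
# Requires mod_headers to be loaded.
# "/selfservice" is a hypothetical path; use the application's real URL prefix.
<Location "/selfservice">
    # no-store tells the browser and any proxy not to keep a copy of the
    # response, so there is nothing to show from history or offline mode.
    # private keeps shared caches from storing per-user pages.
    Header always set Cache-Control "no-store, no-cache, must-revalidate, private"

    # Equivalent hints for HTTP/1.0 clients and proxies that ignore Cache-Control.
    Header always set Pragma "no-cache"
    # An invalid date such as "0" is treated as already expired.
    Header always set Expires "0"
</Location>
# The "always" condition is Apache 2.x syntax; older mod_headers versions
# take "Header set ..." without a condition.
```

Because the headers are set by the web server rather than in the page markup, they do not depend on per-PC browser settings. They only affect responses fetched after the change, so copies already sitting in a shared PC's cache remain until cleared.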