EXACTLY!! But here is my hope: according to the standards, all browsers developed by HTTP1.1 standard are forced to abide by the requirements in the HTTP headers, even though not necessarily forced to go by Pragmas and/or Metatags (which are HTML "enforcers", instead) ... this is the difference I count on: HTTP vs. HTML. Besides the obvious fact that it is much easier to modify configuration files for Apache in one single place (for the HTTP solution, if you wan to call it as such), vs. modifying all possible HTML templates Oracle delivers with their products (the HTML solution). The drawback? Apache comes in binary form from Oracle, for the HP-UX platform, and does not use the "standard" httpd.conf ... so I am digging up the non-documented apache workings right now.
And - to stay on the topic of this forum - my initial question was: really nobody has been presented with this security issue, taking into account the vast deployment of Oracle with Apachem, as well as Oracle apps, throughout the world?!? Thx again to all who replied, Stef On Tuesday 29 October 2002 04:13 am, Johan De Meersman wrote: > > The way I understand what you're trying to do, all you need is to send > http-headers 'Expires: now' and/or 'Nochache'. I'm not sure about the > exact syntax (have a look at the http rfc), but your server-side > application should be able to handle this easily. However, whatever > server-side pragmas you implement, you'll always be depending on the > client browser to accurately interpret them.
