On Fri, 2005-07-29 at 04:55, David Rees wrote: > On 7/28/05, Rafael Martinez <[EMAIL PROTECTED]> wrote: > > > > The only explanation I can find to our problem is that the same happens > > when using SM via a 'proxy' or that 'this' proxy in particular is not > > working as it should. > > > > Anyone with the same problem or ideas to fix this serious security > > problem we have. > > It sounds like the proxy is caching pages when it probably shouldn't > be. A simple fix would be to run squirrelmail under https/SSL, then > it will be encrypted from end to end. Another option would be to > configure the web server to set HTTP headers appropriately to tell any > cache's to avoid caching any pages on your Squirrelmail setup. >
We already run SM under https/SSL all the way, all the time and the web server sets these headers: *Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0CRLF *Pragma:no-cache More ideas anyone? Thanks to all for your responses. -- Rafael Martinez, <[EMAIL PROTECTED]> Center for Information Technology Services University of Oslo, Norway PGP Public Key: http://folk.uio.no/rafael/
signature.asc
Description: This is a digitally signed message part
