HTTP Cache Manager - no-store directive is wrongly interpreted #3261

Closed
asfimport opened this issue Oct 29, 2013 · 1 comment

@asfimport
Collaborator

@pmouawad (Bug 55721):
We had a discussion a while ago about no-cache and no-store.
It seems we may not have correctly understood no-store.

14.9.2 What May be Stored by Caches

no-store
The purpose of the no-store directive is to prevent the inadvertent release or retention of sensitive information (for example, on backup tapes). The no-store directive applies to the entire message, and MAY be sent either in a response or in a request. If sent in a request, a cache MUST NOT store any part of either this request or any response to it. If sent in a response, a cache MUST NOT store any part of either this response or the request that elicited it. This directive applies to both non-shared and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it.
Even when this directive is associated with a response, users might explicitly store such a response outside of the caching system (e.g., with a "Save As" dialog). History buffers MAY store such responses as part of their normal operation.
The purpose of this directive is to meet the stated requirements of certain users and service authors who are concerned about accidental releases of information via unanticipated accesses to cache data structures. While the use of this directive might improve privacy in some cases, we caution that it is NOT in any way a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping.

According to this, it seems a browser does not cache a response with no-store:
"and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it."

Severity: normal
OS: All
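
The storability rule from the RFC text quoted above, as an added example that is not part of the bug report and is not JMeter's code: `no-store` on either the request or the response forbids storing, while `no-cache` only forbids reuse without revalidation. The class, method and enum names are hypothetical, and the header values in `main` are constructed.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration: names are hypothetical, this is not JMeter's CacheManager code.
public class NoStoreCheck {
    enum Decision { DO_NOT_STORE, STORE_BUT_REVALIDATE, STORE }
    // Lower-cased directive names of one Cache-Control value. A comma inside a
    // quoted argument (no-cache="a, b") does not start a new directive.
    // Backslash escapes inside quoted strings are not handled.
    static Set<String> directives(String value) {
        Set<String> names = new HashSet<>();
        if (value == null) {
            return names; // header absent
        }
        StringBuilder token = new StringBuilder();
        boolean quoted = false;
        for (int i = 0; i <= value.length(); i++) {
            boolean end = i == value.length();
            char c = end ? ',' : value.charAt(i);
            if (!end && c == '"') {
                quoted = !quoted;
            }
            if (end || (c == ',' && !quoted)) {
                String name = token.toString().split("=", 2)[0].trim();
                if (!name.isEmpty()) {
                    names.add(name.toLowerCase(Locale.ROOT));
                }
                token.setLength(0);
            } else {
                token.append(c);
            }
        }
        return names;
    }
    // no-store on the request or on the response forbids storing either message.
    // no-cache on the response permits storing but not reuse without revalidation.
    static Decision decide(String requestCc, String responseCc) {
        if (directives(requestCc).contains("no-store") || directives(responseCc).contains("no-store")) {
            return Decision.DO_NOT_STORE;
        }
        return directives(responseCc).contains("no-cache") ? Decision.STORE_BUT_REVALIDATE : Decision.STORE;
    }
    public static void main(String[] args) { // constructed header values
        System.out.println(decide(null, "private, No-Store"));
        System.out.println(decide("no-store", "max-age=60"));
        System.out.println(decide(null, "no-cache=\"set-cookie, no-store\""));
    }
}
```

The third call shows why a substring search for `no-store` is not enough: there the text appears only inside the quoted argument of `no-cache`, so the response is still storable.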

@asfimport
Collaborator Author

@pmouawad (migrated from Bugzilla):
Date: Tue Oct 29 23:28:43 2013
New Revision: 1536928

URL: http://svn.apache.org/r1536928
Log:
#3261 - HTTP Cache Manager - no-store directive is wrongly interpreted
#3261

Modified:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/CacheManager.java
jmeter/trunk/test/src/org/apache/jmeter/protocol/http/control/TestCacheManager.java
jmeter/trunk/xdocs/changes.xml

Date: Tue Oct 29 23:30:12 2013
New Revision: 1536929

URL: http://svn.apache.org/r1536929
Log:
#3261 - HTTP Cache Manager - no-store directive is wrongly interpreted
Check for npe
#3261

Modified:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/CacheManager.java
