What are the drawbacks of using cache-control: no-store?


Question

We want to "prevent the inadvertent release or retention of sensitive information (for example, on backup tapes :) )" and plan to use the HTTP header Cache-control: no-store. What are the down-sides of doing so? From the spec, it appears caching will continue to operate - it just cannot use non-volatile storage. In order to choose which responses to specify no-store on, we have some measure of "sensitivity." What is the counterbalancing measure we should use - in other words, why not mark all pages no-store?

Recommended answer

By using the store, the client has a local cache that they can use. This cache gives them a performance boost and decreases the load on your own server.

In your case, I think it makes sense to have sensitive pages sent with no caching.

I believe another technical problem with no-store (and this is more of a weird side effect) is that older versions of IE have problems with the Content-Disposition header with caching turned off. The behavior is such that the download prompt will indefinitely have 0% progress.

One misconception about no-caching policies is that the browser will actually honor it and not save it to disk. This is not true - many modern browsers actually cache all responses to disk (See this SO). However, this cache is encrypted in those cases.

Overall, I think it's safe to do so. Make sure you're not relying on this mechanism; as @Robert Harvy says, once you send it over, you're at the mercy of the browser of how it wants to save it.
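
One way to act on the trade-off discussed above, as an added example that is not part of the original question or answer: a WSGI middleware that forces `Cache-Control: no-store` on paths classified as sensitive and keeps static assets cacheable. The path lists, the `CachePolicy` name and the max-age values are assumptions chosen for illustration.

```python
"""Added example: per-path Cache-Control policy as WSGI middleware."""

# Constructed path lists; replace with the application's own sensitivity classification.
SENSITIVE = ("/account", "/statements")
STATIC = ("/static",)


def _under(path, prefixes):
    # Segment-aware match so "/accounting" is not treated as "/account".
    return any(path == p or path.startswith(p + "/") for p in prefixes)


def cache_policy(path):
    """Return the Cache-Control value to enforce, or None to keep the app's header."""
    if _under(path, SENSITIVE):          # checked first: sensitivity wins over cacheability
        return "no-store"
    if _under(path, STATIC):
        return "public, max-age=86400"   # static assets keep the cache's performance benefit
    return None


class CachePolicy:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        policy = cache_policy(environ.get("PATH_INFO", "/"))

        def patched(status, headers, exc_info=None):
            if policy is not None:
                # Drop whatever the app set so a sensitive page cannot ship as cacheable.
                headers = [(k, v) for k, v in headers if k.lower() != "cache-control"]
                headers.append(("Cache-Control", policy))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched)


def headers_for(path):
    """Run a constructed app through the middleware and return its response headers."""
    seen = {}

    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/html"),
                                  ("Cache-Control", "public, max-age=3600")])
        return [b"ok"]

    list(CachePolicy(app)({"PATH_INFO": path}, lambda s, h, e=None: seen.update(
        {k.lower(): v for k, v in h})))
    return seen
```

The header only states the server's instruction; as the answer notes, what the client does with the response after delivery is outside the server's control.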
