完全禁止浏览器缓存 [英] Completely disallow browser caching
问题描述
我想防止某些文件被浏览器缓存(出于版权原因).我知道您可以使用PHP更改标题:
I want to prevent certain files from ever being cached by a browser (for copyright reasons). I know you can change the headers using PHP:
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
这是否尽善尽美?谁能想到其他安全层?
Is this as good as it gets? Can anyone think of additional layers of security?
推荐答案
在资源的网址中添加时间戳记:
adding a timestamp in the resource's url:
http://example.com/img.jpg?t=12234234 //append this in the server side
这使浏览器和服务器始终认为它是新资源.只要确保每次的值都不同即可.这适用于任何资源(如果我错了,任何人都可以纠正我),例如纯html,图像等.
this fools the browser and server to think that it's a new resource everytime. just make sure the value is different everytime. this applies to any resource (anyone correct me if i'm wrong) like plain html, images etc.
但是,无论资源是否已过期,它仍然存储在缓存中.资源到期后,浏览器所做的所有工作就是等到用户再次检查该站点,重新下载该资源并覆盖缓存中的现有资源.在用户这样做之前,它不会从缓存中删除它们.
However, the resource is still stored in the cache regardless if it has expired. All the browser does when a resource expires is to wait until the user checks the site again, re-downloads the resource and overwrites the existing one in the cache. Until the user does that, it does not delete the ones from the cache.
另一种防止缓存的方法是在连接中使用SSL.默认情况下,浏览器不缓存SSL站点-这是主要原因,除了额外的解密开销外,为什么还避免在整个地方使用SSL.但是,仍然有些浏览器允许SSL缓存(据我所知,Firefox允许这样做),并且仍然没有改变资源发送到用户浏览器的事实-可以在调试器上对其进行拦截或查看.
Another way to prevent caching is to use SSL in your connection. By default, browsers do not cache SSL'ed sites - one of the main reasons, aside from additional overhead for decryption, why SSL all over the place is avoided. However, still, some browsers allow SSL caching (as far as i know, Firefox does) AND still does not change the fact that the resource is sent to the user's browser - which can be intercepted or viewed on a debugger.
以上所有方法都可以防止缓存,但不能防止任何人窃取您的图像.互联网的整个想法是从另一台计算机访问资源.话虽如此,用户已经可以访问这些资源.到达浏览器的任何内容均受用户意愿的约束.他可能会看它,看源代码,在到达时拦截它,使用调试器查看任何内容.
All of the methods above can prevent cache but will NOT prevent anyone from stealing your images. The whole idea of the internet is to access resources from another computer. With that said, the user HAS ACCESS to those resources. Anything that arrives to the browser is subject to the user's will. He may look at it, look at the source, intercept it on arrival, viewed using a debugger whatever.
您在互联网上放置的网页上的任何内容都像是在公开场合交出一百万美元-您无法阻止小偷观看,您可能不知道与您打交道的人是否也是小偷.
Anything you put in a web page on the internet is like handing over a million dollars in the open - you can't prevent thieves from watching, you may not know if the person you are dealing with is also a thief.
避免图像被他人拥有的唯一防呆方法是在图像上打上大水印!
The only fool-proof way to avoid you images from being owned by someone else is to place a big watermark on it!
这篇关于完全禁止浏览器缓存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
