caching – WindowsTechs.com

How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?

Posted on July 9, 2024 by AllExJ

About timing my question is:
How can attack know the time of which certain instructions are performed by the victim?
And about the cache, how can attacker know which cache line is being accessed by the victim? Is this doable in "norma… Continue reading How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?→

Signed but Unencrypted HTTP Traffic

Posted on November 16, 2022 by Jeroentetje3

A lot of the web is moving to HTTPS, which to my understanding does two things: Making the data unreadable by third parties, and verifying it’s coming from the expected sender.
The latter seems unarguably good, but the first also has some … Continue reading Signed but Unencrypted HTTP Traffic→

Does the Time-To-Live (TTL) value of DNS records have any security implications?

Posted on April 19, 2022 by Bob Ortiz

I’m currently reading about resource record in the Domain Name System (DNS), in particular about the Time to live (TTL) aspect of start of authority records (SOA) records. It seems to me that the TTL was firstly defined in RFC 1034 and la… Continue reading Does the Time-To-Live (TTL) value of DNS records have any security implications?→

Does Safari’s "Prevent cross-site tracking" option ACTUALLY prevent determined efforts at cross-site tracking? (By, e.g. Facebook)

Posted on September 17, 2021 by WHO's NoToOldRx4CovidIsMurder

In other words: Does Safari’s "Prevent cross-site tracking" option effectively prevent cross-site tracking? (Is it for purpose?) I though it would work; are my expectations off?
Or, more specifically, I’m wondering: Why is Facebo… Continue reading Does Safari’s "Prevent cross-site tracking" option ACTUALLY prevent determined efforts at cross-site tracking? (By, e.g. Facebook)→

Is it bad practice or major security risk to cache decoded auth tokens in my backend?

Posted on September 13, 2021 by H.Rahimy

I’ve set up a firebase passport strategy on a NestJS server which works fine, but I did not like the long load times it would incur on all requests that went through it. So I decided to cache decoded tokens until they are expired, and this… Continue reading Is it bad practice or major security risk to cache decoded auth tokens in my backend?→

Is Cache-control: no-store enough to prevent caching?

Posted on June 4, 2021 by vMittal

I have researched and understood that Cache-Control: no-cache is not sufficient alone to absolutely prevent caching, but what about Cache-Control: no-store alone? Since it will not allow storing of cache anywhere, this seems to be enough f… Continue reading Is Cache-control: no-store enough to prevent caching?→

Can nginx do HTTPS content caching if used as tunnel/caching proxy? If yes, how? [migrated]

Posted on April 24, 2021 by Shreya Kulkarni

Can nginx do HTTPS content caching if used as tunnel/caching proxy? If yes, how?

Continue reading Can nginx do HTTPS content caching if used as tunnel/caching proxy? If yes, how? [migrated]→

How can I protect browser cached files to be accessed in a case of a stolen hard drive?

Posted on April 21, 2021 by Nicolas B

For the usual reasons we want to cache certain resources browser side, e.g. list of products bought in the past.
Context is a web application, accessed via the internet.
This list is confidential in my case, and I want to mitigate the case… Continue reading How can I protect browser cached files to be accessed in a case of a stolen hard drive?→

Local IndexedDB in Browser – is it really a security risk?

Posted on April 12, 2021 by lecarpetron dookmarion

We have a web application that stores cached information in browser (both is firefox and chrome).
When we subjected it to Penetration Testing, a finding was filed saying that "Senstive Data such as Database Name, Storage and Version w… Continue reading Local IndexedDB in Browser – is it really a security risk?→

Why doesn’t Google Chrome allow us to block caching on certain websites?

Posted on March 25, 2021 by JobHunter69

If I wanted to visit a sketchy website and was able to block attempted caches from it, wouldn’t this make our browsing a lot safer?

Continue reading Why doesn’t Google Chrome allow us to block caching on certain websites?→