You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Brahma Reddy Battula (Jira)" <ji...@apache.org> on 2022/12/10 10:53:00 UTC

[jira] [Comment Edited] (HADOOP-18566) Set Cache-Control no-store max-age as 0 header on all dynamic content

    [ https://issues.apache.org/jira/browse/HADOOP-18566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645577#comment-17645577 ] 

Brahma Reddy Battula edited comment on HADOOP-18566 at 12/10/22 10:52 AM:
--------------------------------------------------------------------------

Currently we are setting only "no-cache" no-cache filter. There should be probability of session hijack.

 
As browsers to store pages under the user's browser cache. On a public computer, a shared system or a machine in a semi-public area such as a call center, a malicious person may search through the browser cache to locate the sensitive information cached during the previous user's session


was (Author: brahmareddy):
I think, it's good to have as per security concern.

> Set Cache-Control no-store max-age as 0 header on all dynamic content
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-18566
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18566
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Bilwa S T
>            Assignee: Bilwa S T
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org