You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@jmeter.apache.org by bu...@apache.org on 2013/10/30 00:25:26 UTC
[Bug 55721] New: HTTP Cache Manager - no-store directive is wrongly
interpreted
https://issues.apache.org/bugzilla/show_bug.cgi?id=55721
Bug ID: 55721
Summary: HTTP Cache Manager - no-store directive is wrongly
interpreted
Product: JMeter
Version: 2.6
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P1
Component: HTTP
Assignee: issues@jmeter.apache.org
Reporter: p.mouawad@ubik-ingenierie.com
CC: alexandru.ersenie@gmail.com,
p.mouawad@ubik-ingenierie.com
Depends on: 53540
We had a discussion a while ago about no-cache and no-store.
It seems we may not have correctly understood no-store.
14.9.2 What May be Stored by Caches
no-store
The purpose of the no-store directive is to prevent the inadvertent release
or retention of sensitive information (for example, on backup tapes). The
no-store directive applies to the entire message, and MAY be sent either in a
response or in a request. If sent in a request, a cache MUST NOT store any part
of either this request or any response to it. If sent in a response, a cache
MUST NOT store any part of either this response or the request that elicited
it. This directive applies to both non- shared and shared caches. "MUST NOT
store" in this context means that the cache MUST NOT intentionally store the
information in non-volatile storage, and MUST make a best-effort attempt to
remove the information from volatile storage as promptly as possible after
forwarding it.
Even when this directive is associated with a response, users might
explicitly store such a response outside of the caching system (e.g., with a
"Save As" dialog). History buffers MAY store such responses as part of their
normal operation.
The purpose of this directive is to meet the stated requirements of certain
users and service authors who are concerned about accidental releases of
information via unanticipated accesses to cache data structures. While the use
of this directive might improve privacy in some cases, we caution that it is
NOT in any way a reliable or sufficient mechanism for ensuring privacy. In
particular, malicious or compromised caches might not recognize or obey this
directive, and communications networks might be vulnerable to eavesdropping.
According to this is seems browser does not cache a response with no-store:
"and MUST make a best-effort attempt to remove the information from volatile
storage as promptly as possible after forwarding it. "
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 55721] HTTP Cache Manager - no-store directive is wrongly
interpreted
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55721
Philippe Mouawad <p....@ubik-ingenierie.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends on|53540 |
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 55721] HTTP Cache Manager - no-store directive is wrongly
interpreted
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55721
Philippe Mouawad <p....@ubik-ingenierie.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Philippe Mouawad <p....@ubik-ingenierie.com> ---
Date: Tue Oct 29 23:28:43 2013
New Revision: 1536928
URL: http://svn.apache.org/r1536928
Log:
Bug 55721 - HTTP Cache Manager - no-store directive is wrongly interpreted
Bugzilla Id: 55721
Modified:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/CacheManager.java
jmeter/trunk/test/src/org/apache/jmeter/protocol/http/control/TestCacheManager.java
jmeter/trunk/xdocs/changes.xml
Date: Tue Oct 29 23:30:12 2013
New Revision: 1536929
URL: http://svn.apache.org/r1536929
Log:
Bug 55721 - HTTP Cache Manager - no-store directive is wrongly interpreted
Check for npe
Bugzilla Id: 55721
Modified:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/CacheManager.java
--
You are receiving this mail because:
You are the assignee for the bug.