Lucky Green wrote:
Yes, Netscape caches passwords.
[ forwarded message from sfnb deleted ]
The problem is that form post data was being used as part of the database key for storing and accessing form posts in our cache. The current work around for this problem is to use the 'pragma: no-cache' HTTP header. I just sat down with the responsible engineer and helped him fix this. The fix will be in our next beta (marketing name of Atlas Preview Release 2, user-agent of Mozilla/3.0b3). This next beta will also include several other security/privacy related features/preferences: 1) Preference to enable sending of email address for anon ftp password. The 2.0 release always sends "mozilla@" as the anon ftp password, to protect the privacy of our users. We are now giving the user the ability to enable sending of their e-mail address if they choose. 2) Warning dialog on "mailto:" form posts. The user will be warned that the form submission is via e-mail and will be given the opportunity to cancel the operation. The warning can be turned off via a preference. 3) There will be an option to enable/disable disk caching of documents retrieved over an SSL connection. The current (2.01) behaviour is to always cache such documents in the absence of the "Pragma: no-cache" header. The new option will default to not caching SSL-fetched documents, but will allow the user to enable caching if they desire. This option will not effect caching of documents retrieve in the clear via un-encrypted http (which can be disabled by turning off the disk cache). 4) Dialog for cookie acceptance. There will be an option to enable a dialog that will be displayed whenever you are sent an HTTP cookie. This dialog will allow you to discard the cookie. 5) You will be able to disable/enable SSL2 and SSL3, and the specific cipher-suites. For example, if you use the US-domestic version of the navigator, you can turn off the export ciphers to ensure that you never send any data over SSL using 40-bit secret keys. I look forward to any feedback people may have on these new options once the new beta is out. Sorry, but I can't tell you the exact date yet... --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.