Hi, all,

Sorry for cross-posting this to the list and the forums, but I am in
desperate need for some guidance here (I have researched the web for the last
24 hours, almost continuously, to no avail).

My company has recently deployed self-service apps (started with the HR
"module"), and we discovered that a problem with utilizing this system,
especially in areas where PCs are shared, consists in the ability of users to
choose methods as simple as (in MS Explorer, for example): work offline -->
then history --> then picking on previously visited pages and looking other
people's info, regardless of whether previous users have logged off the
application properly, or not

We have found solutions at the browser level (e.g. as we are running SSL -
just keeping encrypted pages from being saved, by doing the following in IE:
Tools --> Internet Options ... --> Advanced --> Security --> Do not save
encrypted pages to disk - and even found ways to deploy this via a registry
hack through the login script) on how to keep this from happening, but
sophisticated users will always undo those changes, aside from the
administrative nightmare such solutions would require across multi-thousand
multi-country PCs (thus browsers) deployment.

As we are running Apache at the server end, I was wondering if anyone would
have a good recommendation for forcing the "non-caching"/"non-history
keeping" of such pages. I am aware of the possibility of utilizing Metatags
and/or Pragmas (e.g. expiration forced, etc.) in "static HTML", but this
won't work properly in the environment of dynamically created pages as in the
self-service apps of Oracle ... so - has anybody ever run across this problem
(I would see as a basic security requirement, but couldn't find any docs
discussing it). How did you address it?



Please see the official ORACLE-L FAQ: http://www.orafaq.com
Author: stef
INET: stefmit_at_starband.net

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 1 | next ›
Discussion Overview
grouporacle-l @
postedOct 25, '02 at 12:08p
activeOct 25, '02 at 12:08p

1 user in discussion

Stef: 1 post



site design / logo © 2022 Grokbase