[KLUG Members] Squid "no_cache"

[Adam Tauno Williams]

>>IF squid caches likes like that), it wouldn't waste much disk space, and
>>it wouldn't hurt anything since the session ID is in the URL, and won't
>>be duplicated among other users.
>>By not caching the entire site, you're losing out on caching the
>>graphics files that go on the web pages.  Those could save a lot of
>>internet bandwidth by sharing the graphics on your home network.
>Dang, you sure are hard to convince! :-)))))
>OK, I'll try a different "attack"...
>User1 on PC1 is reading an Email about super secret thingy1...  
>http://www.fastmail.fm/mail2/~aaaaaaaaaaa....
>User2 on PC2 is reading an Email about super secret thingy2...  
>http://www.fastmail.fm/mail2/~bbbbbbbbbbb....

If the e-mail is important why isn't it https://  If it was https:// there would
be zero/no/null chance of a user reading another users mail, because it is
encrypted between the browser and the server, not the browser and squid.

>User3 is a part-time admin person I have manage my IPCop box (he/she has
>the Admin password).
>User3 is pissed at me for asking he/she too many damn questions!

If this actually happens then (a) the squid on the ipCop box is *S*C*R*E*W*E*D*.
 We use webmail corporately, and no chance of accidentally calling up someone
else's mail, or (b) www.fastmail.fm is seriously flawed.

I've never used the no cache directive, but if either of the above is true you
could use it as a stop gap measure I suppose - until you fix the real problem.

>So, User3 logs into the IPCop box and proceeds to read User1's and
>User2's secret Emails.
 
Should never happen, ever.

>And, User3 learns about some secret "TheBS" thing trying to conquer the
>world!

But then User3 may have enough time to sneak out of the building on the pretense
of getting lunch and then notify the Super Friends (aka, Bob, Bruce, and Peter -
come on, just picture the three of them together wearing tights!).  User3 will
then get credit for saving the free^H^H^H^H DRM enabled world - insuring him or
her the spot at the end of the show where they get to deliver a trite moral
message to justify violence-as-entertainment-for-children to flower power moms
and dads.