Is there a secure browser cache?
Asked Answered
H

1

3

Note: this is a different problem to https - it's related to privacy security

I'm trying to figure out if there's a way to take load off our server [cache] by pushing information to the browser. Is there any technology that will provide secure caching that is bound to a session?

We have privacy-sensitive data that's often used, but will not change much. Re-requesting updates from the server/database all the time will reduce the sensitivity.

The solution cannot rely on any page being held open the entire time (e.g. no framesets). Navigation away from a page (or opening a new tab) is allowed.

Does Google Gears fit here? I can't find any way of tying the cache to the session.

The problem domain is cafe/shared machine login with multiple web app users. e.g. when the session expires, or the user logs off, there should be no cached data anywhere. While they are logged on, I presume that nobody will else have physical access to the computer.

See also Can HTML5 sessionStorage be written to disk?

Holtz answered 20/11, 2008 at 1:34 Comment(0)
A
2

You'll have HTML5.0 with local database-like features. However what do you mean by secure? HTML5.0 will be secure against cross-site issues, but the user will still have full access to the data, I don't think encryption is required.

Google gears does fit, but its not a standard while HTML5.0 is, Safari supports 5.0, and I guess Opera and Firefox will too by mid 2009, if they don't already. Explorer, probably will have some buggy implementation so they can force developers to use Silverlight.

Edit: Stephen, I see you need to destroy the cache after they leave, of course unless their machine has a proximity sensor this won't be possible :) But you could have your Javascript delete everything when they Logoff for example.

Link to HTML5.0 specs,

Link to HTML5.0 Cache specs

Link to HTML5.0 session storage specs (By popular request :)

Account answered 20/11, 2008 at 1:37 Comment(4)
I've updated the question to clarify. When the session expires and the person walks away from the computer, the cached information should not be retrievableHoltz
Don't forget that Chrome has Gears built-in.Moonshot
Yes Chrome has Gear built in, Gears is awesome no doubt, and I'm sure Google will provide V8 with an HTML5.0 valid API for Gears, but it hasn't yet as far as I know.Account
If you put a link to whatwg.org/specs/web-apps/current-work/… in somehow, I'll give you a tick :)Holtz

© 2022 - 2024 — McMap. All rights reserved.