What are the dangers in exposing static resources of your secure web application unsecured?

Posted by Dan on Stack Overflow See other posts from Stack Overflow or by Dan
Published on 2010-03-24T12:59:17Z Indexed on 2010/03/24 13:13 UTC
Read the original article Hit count: 217

Filed under:

web-development

|

web-applications

|

security

|

https

|

caching

We are creating typical web applications secured by https. In order to be able to cache static resources, I would like to expose images, javascript files etc. over http. Otherwise they don’t get cahched. Is this advisable from security point of view? What are the risks involved?

© Stack Overflow or respective owner

Related posts about web-development

Web Development - How to Get Started in Web Development

as seen on Ezine Articles - Search for 'Ezine Articles'
11 years ago I purchased a book about basic HTML development. A purchase that would end up defining my entire professional career. I bought it because I wanted to create a web page for a school project. This was in the days of Geo city sites and it looked absolutely horrible. >>> More
PHP Web Development, Web Development Using PHP As an Open Source

as seen on Ezine Articles - Search for 'Ezine Articles'
PHP is a widely-used general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is the most famous language nowadays as it is an open source and web development requires no costs in implementation. >>> More
How to get full query string parameters not UrlDecoded

as seen on Developer IT - Search for 'Developer IT'
Introduction While developing Developer IT’s website, we came across a problem when the user search keywords containing special character like the plus ‘+’ char. We found it while looking for C++ in our search engine. The request parameter output in ASP.NET was “c “.… >>> More
Tracking download of non-html (like pdf) downloads with jQuery and Google Analytics

as seen on Developer IT - Search for 'Developer IT'
Hi folks, it’s been quite calm at Developer IT’s this summer since we were all involved in other projects, but we are slowly comming back. In this post, we will present a simple way of tracking files download with Google Analytics with the help of jQuery. We work for a client that offers… >>> More
What is the best .NET web development framework?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm looking for a framework to simplify the creation of a website with social networking features and plenty of custom functionality. I'm quite keen to use an ORM like nHibernate or similar for data access. Would DotNetNuke be a good choice? Or are there other options which are better. Added: I'm… >>> More

Related posts about web-applications

Modularizing web applications

as seen on Stack Overflow - Search for 'Stack Overflow'
Hey all, I was wondering how big companies tend to modularize components on their page. Facebook is a good example: There's a team working on Search that has its own CSS, javascript, html, etc.. There's a team working on the news feed that has its own CSS, javascript, html, etc… >>> More
Adding AJAX Support to Windows Mobile Web Applications

as seen on Internet.com - Search for 'Internet.com'
In this article, you will learn how you can utilize AJAX scripts even in Web applications targeted for Windows Mobile applications. >>> More
Globalize your Web Applications: The Universal Character Set

as seen on Internet.com - Search for 'Internet.com'
This fourth article the Globalize your Web Applications series deals with something that's at the forefront of your web apps: the character sets. More specifically, we'll be taking a look at the Universal Character Set (UCS) and its role in creating multilingual web pages. >>> More
Globalize your Web Applications: PHP's Locale Formatting Classes

as seen on Internet.com - Search for 'Internet.com'
In part 3 of the Globalize your Web Applications series, we'll be exploring PHP's I18N_Number and I18N_Currency classes, both of which are part of the I18N Libraries. >>> More
Singleton pattern in web applications

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using a singleton pattern for the datacontext in my web application so that I dont have to instantiate it every time, however I'm not sure how web applications work, does IIS open a thread for every user connected? if so, what would happend if my singleton is not thread safe? Also, is it OK to… >>> More