http proxy caching headers

Posted by David Hagan on Server Fault See other posts from Server Fault or by David Hagan
Published on 2011-01-11T03:59:54Z Indexed on 2011/01/11 4:55 UTC
Read the original article Hit count: 410

Filed under:
|
|
|

I have a service for which I'm about to upgrade the authentication. However, I'm trying to ensure that I make the right decision about where the encryption algorithms occur. I currently have two options:

option 1) the authentication module is deployed to the client as a javascript library over https and executes client-side, so that the client can POST back an encrypted string.

option 2) the authentication module is kept server-side so that the client need only POST back an unencrypted string.

I know that many http proxies cache/log the query-string (and therefore any query parameters), but does anyone know of any http proxies that cache the headers as well?

If the headers are being cached, then I'll clearly want to encrypt the password inside the SSL encryption, because to my understanding the headers of an HTTPS request may not always be encrypted (depending on the capabilities of the browser etcetera).

Can anyone shed any light on the caching of headers by http proxies? Do you have one that does, or know of one that does?

© Server Fault or respective owner

Related posts about proxy

Related posts about http