http proxy caching headers
Posted
by
David Hagan
on Server Fault
See other posts from Server Fault
or by David Hagan
Published on 2011-01-11T03:59:54Z
Indexed on
2011/01/11
4:55 UTC
Read the original article
Hit count: 410
I have a service for which I'm about to upgrade the authentication. However, I'm trying to ensure that I make the right decision about where the encryption algorithms occur. I currently have two options:
option 1) the authentication module is deployed to the client as a javascript library over https and executes client-side, so that the client can POST back an encrypted string.
option 2) the authentication module is kept server-side so that the client need only POST back an unencrypted string.
I know that many http proxies cache/log the query-string (and therefore any query parameters), but does anyone know of any http proxies that cache the headers as well?
If the headers are being cached, then I'll clearly want to encrypt the password inside the SSL encryption, because to my understanding the headers of an HTTPS request may not always be encrypted (depending on the capabilities of the browser etcetera).
Can anyone shed any light on the caching of headers by http proxies? Do you have one that does, or know of one that does?
© Server Fault or respective owner