Stories
Slash Boxes
Comments

SoylentNews is people

Major Browser Vendors to Restrict AppCache to Secure Connections

posted by Fnord666 on Wednesday February 14 2018, @08:34PM   Printer-friendly
from the MiTM-FTW dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Mozilla on Monday was the first to make an official announcement, but the developers of Chrome, Edge and WebKit (the layout engine used by Apple's Safari) said they plan on doing the same.

AppCache is an HTML5 application caching mechanism that allows website developers to specify which resources should be available offline. This improves speed, reduces server load, and enables users to browse a site even when they are offline.

While application caching has some benefits, it can also introduce serious security risks, which is partly why it has been deprecated and its use is no longer recommended.

Source: https://www.securityweek.com/major-browser-vendors-restrict-appcache-secure-connections

Original Submission

 
This discussion has been archived. No new comments can be posted.
Major Browser Vendors to Restrict AppCache to Secure Connections | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday February 15 2018, @06:02PM

    by Anonymous Coward on Thursday February 15 2018, @06:02PM (#638333)

    i don't really understand all the possibilities of "interception mitigation" security,
    but it is strange that two computers/devices on the same home-LAN going thru the same
    NAT-gateway have to both load the same youtube "from-that-far-away-server" at 7pm high-traffic-jam
    situation TWICE.

    like: "duh, dude didn't you just load that youtube vid two seconds ago?
    "sure did."
    "why the f... is it buffering on my computer, then?"

    that's the "webapps" mentioned and driving all the squids to starvation?
    if anybody making them webapps cared about responsiveness ("MUHAHAHA") then one
    could make "no-cache" directive strict and only honored by client-requesting if
    the "no-cache" comes over https?

    of course this doesn't guarantee squids will get fatter (and users happier), since
    required re-load and FORCED interactivity (and non-cachability) is what drives insight
    into user behavior and thus information that can be sold (or presented) to people wanting maximum
    impact for their advertisement dollars?