
posted by Fnord666 on Wednesday February 14 2018, @08:34PM
from the MiTM-FTW dept.

Submitted via IRC for TheMightyBuzzard

Mozilla on Monday was the first to make an official announcement, but the developers of Chrome, Edge and WebKit (the layout engine used by Apple's Safari) said they plan on doing the same.

AppCache is an HTML5 application caching mechanism that allows website developers to specify which resources should be available offline. This improves speed, reduces server load, and enables users to browse a site even when they are offline.

While application caching has some benefits, it can also introduce serious security risks, which is partly why it has been deprecated and its use is no longer recommended.

Source: https://www.securityweek.com/major-browser-vendors-restrict-appcache-secure-connections


  • (Score: 4, Interesting) by frojack on Wednesday February 14 2018, @09:10PM (5 children)

    by frojack (1554) on Wednesday February 14 2018, @09:10PM (#637880) Journal

    You don't need this. Just turn it off in your browser's settings.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 0) by Anonymous Coward on Wednesday February 14 2018, @10:23PM

      by Anonymous Coward on Wednesday February 14 2018, @10:23PM (#637911)

      Pity that every website just has to have their own copy of jquery in the cache even if it is the same version

    • (Score: 2) by driverless on Thursday February 15 2018, @05:35AM

      by driverless (4770) on Thursday February 15 2018, @05:35AM (#638091)

      In addition, since anyone can use Let's Encrypt to get a (snort) "secure" connection, what the headline should really say is "Major Browser Vendors to Restrict AppCache to Malware Authors Who Can't Figure out Let's Encrypt".

    • (Score: 0) by Anonymous Coward on Thursday February 15 2018, @06:00AM (2 children)

      by Anonymous Coward on Thursday February 15 2018, @06:00AM (#638100)

      Firefox protip time:
      * you can see your situation in about:cache
      * browser.cache.offline.enable is the master switch
      * If you just want to be asked for permission for using it there is offline-apps.allow_by_default

      • (Score: 0) by Anonymous Coward on Thursday February 15 2018, @06:09AM (1 child)

        by Anonymous Coward on Thursday February 15 2018, @06:09AM (#638103)

        Aaaand, to clear the cache open prefs > advanced > network or manually wipe OfflineCache under your profile directory.

        • (Score: 2) by KritonK on Thursday February 15 2018, @10:03AM

          by KritonK (465) on Thursday February 15 2018, @10:03AM (#638165)

          Quite predictably, there is no prefs->advanced in Firefox 58, so the offline cache cannot be wiped from there.

          History->Clear Recent History does have an Offline Website Data entry, though, which I assume does the same thing.

  • (Score: 5, Insightful) by Azuma Hazuki on Wednesday February 14 2018, @10:26PM (5 children)

    by Azuma Hazuki (5086) on Wednesday February 14 2018, @10:26PM (#637914) Journal

    We should not be running programs in browsers. ActiveX was a stupid, foolish, insecure idea, and this looks to be worse in some ways.

    --
    I am "that girl" your mother warned you about...
    • (Score: 2) by Pino P on Thursday February 15 2018, @05:55AM (1 child)

      by Pino P (4721) on Thursday February 15 2018, @05:55AM (#638097) Journal

      Would you prefer having to buy a different operating system or a different brand of computer in order to run an application? Even if you get source code, source code designed for Win32 or Cocoa API might not compile, link, and run correctly on a GNU/Linux box.

      • (Score: 0) by Anonymous Coward on Thursday February 15 2018, @07:55AM

        by Anonymous Coward on Thursday February 15 2018, @07:55AM (#638130)

        I'd prefer it if programmers stopped writing shitty unportable programs altogether. Ideally, people would stop writing programs for proprietary operating systems as well. If a program wouldn't exist if there were no web "apps", then good riddance to bad rubbish.

    • (Score: 2) by FatPhil on Thursday February 15 2018, @06:38PM (2 children)

      by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Thursday February 15 2018, @06:38PM (#638363) Homepage
      I'm not so sure. As long as browsers could implement secure sand-boxing for each of the "apps", why shouldn't the browser be the GUI under which a web-app runs?
      Plenty of these "apps" the kids are running are just chromeless browser windows (or at least the portable ones written in HTML5). The first one I remember was on an old Nokia phone from >5 years back - Nokia Maps was effectively just a chromeless web-browser, where the browser instance was running only that trusted (and of course bug-free) app. Browsers that insist on only having one instance, and on having windows able to fiddle with each other's bits need not apply.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 2) by Azuma Hazuki on Thursday February 15 2018, @08:07PM (1 child)

        by Azuma Hazuki (5086) on Thursday February 15 2018, @08:07PM (#638407) Journal

        That's a big "if." As it is, I'd prefer something like running each app in some kind of lightweight virtualization container, and even *that's* not foolproof given, among other things, the recent speculative execution bugs.

        --
        I am "that girl" your mother warned you about...
        • (Score: 2) by FatPhil on Friday February 16 2018, @06:59AM

          by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Friday February 16 2018, @06:59AM (#638717) Homepage
          Unfortunately, every app seems to need access to your contacts list.
          And your calendar.
          And your photos.
          And your bank details.
          And your soul.
          And your arsehole.
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 0) by Anonymous Coward on Thursday February 15 2018, @06:02PM

    by Anonymous Coward on Thursday February 15 2018, @06:02PM (#638333)

    i don't really understand all the possibilities of "interception mitigation" security,
    but it is strange that two computers/devices on the same home-LAN going thru the same
    NAT-gateway have to both load the same youtube "from-that-far-away-server" at 7pm high-traffic-jam
    situation TWICE.

    like: "duh, dude didn't you just load that youtube vid two seconds ago?"
    "sure did."
    "why the f... is it buffering on my computer, then?"

    that's the "webapps" mentioned and driving all the squids to starvation?
    if anybody making them webapps cared about responsiveness ("MUHAHAHA") then one
    could make "no-cache" directive strict and only honored by client-requesting if
    the "no-cache" comes over https?

    of course this doesn't guarantee squids will get fatter (and users happier), since
    required re-load and FORCED interactivity (and non-cachability) is what drives insight
    into user behavior and thus information that can be sold (or presented) to people wanting maximum
    impact for their advertisement dollars?
