Topic: some files inside the enterprise are browsed online through flexpaper. The original office files are converted into swf files, which are only accessible to employees online, copying, printing, and propagation are not allowed. If the local cache (temporary) folder contains this swf file, you can...
Topic: some files inside the enterprise are browsed online through flexpaper. The original office files are converted into swf files, which are only accessible to employees online, copying, printing, and propagation are not allowed. If the local cache (temporary) folder contains this swf file, it can be directly removed and disseminated (even if it cannot be completely controlled, however, if the temporary IE Folder does not cache the file at will, the effect can be achieved to a certain extent)
I hope that the user's local IE Temporary Folder cannot cache the content of a page. The search materials are generally controlled by headers in php and meta in html. Then I tried it and the results didn't work, the content of this page can still be found in the local cache folder corresponding to IE. Please give me some advice. Thank you.
Reply content:
Topic: some files inside the enterprise are browsed online through flexpaper. The original office files are converted into swf files, which are only accessible to employees online, copying, printing, and propagation are not allowed. If the local cache (temporary) folder contains this swf file, it can be directly removed and disseminated (even if it cannot be completely controlled, however, if the temporary IE Folder does not cache the file at will, the effect can be achieved to a certain extent)
I hope that the user's local IE Temporary Folder cannot cache the content of a page. The search materials are generally controlled by headers in php and meta in html. Then I tried it and the results didn't work, the content of this page can still be found in the local cache folder corresponding to IE. Please give me some advice. Thank you.
I can still find the content of this page in the local cache folder corresponding to IE
It is normal to find in the cache folder.
As for your question, "How to disable a user ?"LocalCache, you can set the cache folder to read-only. Don't laugh. I'm serious.
You only read the header. Why not check the Status Code? If it is 304, it indicates Not Modified, indicating that it has been cached.
If it is cached, will it be found in the local cache folder? The answer is yes.
LocalCache is a function of the browser, so you don't have to worry about it.
The purpose of disabling cache is: When you request a web server, the server always gives the latest file to the browser, instead of checking whether the file has been updated. When the file is sent back to the browser, IE stores the file (or a part) locally.
Although this folder is called a cache folder, it is actually a Temporary Folder 」.
Other browsers may not use cached folders, such as using a small database system, such as sqlite.
In fact, putting the memory content on the hard disk is a tradition and a philosophy.
The operating system also often puts some memory into the hard disk. "Microsoft" calls it "Virtual Memory 」.
Finally, I answered the author's question: How can I disable the local cache? No.
I have to disable it.
- Set to read-only
- It should be disabled in IE settings.
- Modify registry
In addition, I will give my views:
In this environment, what you need is definitely a needClient cooperationIs used to modify the browser behavior, rather than simply developing on the server.
To simplify the process, you can develop plug-ins for browsers to modify and constrain browser cache behaviors. Then, on the server side, you must install your plug-in to provide the content. However, this method still has the risk of packet capture by HTTP. It is difficult for an intranet thief to defend against attacks.A certain degree of securityThat's enough.
I think the better solution is to simply abandon the Web application architecture and use the client software instead. In terms of content format, flash is also abandoned, rather than simply transmitting low-resolution images with watermarks. Asymmetric encryption is introduced in network transmission. In this way, as long as the private key of the server is not disclosed, it can be said that no one can get the original printed quality documents.
However, this still prevents screenshots, videos, photos, and even simpler data leaks due to various causes such as human memory. I don't have much to explain these methods. Let's identify them.
Thank you for your invitation. Indeed, it is ridiculous to confront the cache system and attempt to change the browser settings of all users. However, this is not a work und.
The details are HTTP requests with POST data, which are generally not cached. The 2616 POST section of RFC 9.5 has the following annotations:
Responses to this method are not cacheable, unless the response provided des appropriate Cache-Control or Expires header fields. however, the 303 (See Other) response can be used to direct the user agent to retrieve a cacheable resource.
In fact, it is easy to understand: POST is a large amount of data, and the browser cache cannot afford or retrieve.
In this way, the method is simple: load an empty framework on the main webpage, and submit an AJAX request with POST data to load substantive data. The cache parameters on the server can also be used.
But note: this is only in general, so that the browser does notLong-term reservation. Not to mentionGuaranteeThe browser will not cache this content. After all, the client behavior is beyond your control. Especially for the sake of performance, there is almost no possibility of confrontation as long as there is a high-speed cache made in a short period of time.
However, more importantly, I 'd like to know why you are so concerned about your use of the browser's local cache.
Data confidentiality? However, as long as you are dealing with the browser environment, your transmission and webpage content are intercepted, copied, analyzed, and contaminated, there is nothing you can do as long as you are willing. (What you need is a dedicated server-client structure)
Guaranteed timeliness? This eliminates the need to disable the local cache of the client.
I cannot guess the purpose of your question. So I suggest you add your application environment and the purpose you want for your reference. Instead of sticking to a technical goal.
The content of the response headers in firefox that gets the video file in NetEase cloud class is as follows:
I used the IE browser to play the video. The corresponding video file was not found in the local cache (temporary) folder. I guess it should have been processed by the server.
The essential requirement for this problem is to implement document security in the browser. I know several methods:
1. Use the control in IE to control the permissions of office documents. You can first check NTKO information.
2. convert to the FALSH format, as if to control each time you get a page of content from the server, this greatly increases the difficulty of getting the file.
A related non-technical question:
Screen recording software!
As long as it is a static resource, the browser will always "save" during the loading process ". In other words, you can get your path through firebug or source code, and download it directly. You may want to change the idea of controlling browser cache.
@ Adam's statement may be a common practice. Similarly, for online document reader, Flash is a player/reader. For security reasons, Flash has built-in encryption/decryption or encoding algorithms. When reading the document, Flash accepts parameters. Flash dynamically sends requests to the server to read data, loads one or several pages at a time, and is decoded and finally displayed. In this process, the user's browser caches only Flash itself without data.
Example: http://www.docin.com/p-562081174.html
The data he loads is: http://docin.oss.aliyuncs.com/docin_562081174.docin
Of course, this data file is encrypted.
PS. At the end of the article, my answer may not be correct. You want to solve the problem on the existing things. I have proposed another implementation method, and there is still a cost.
In this case, you cannot prohibit general browsers (such as IE, Chrome, and Firefox) from caching swf files, unless you develop customized browsers or develop a new format, use your special plug-in for playback.
To achieve confidentiality, you can start with the following aspects:
- Streaming playback, like all major video websites, the content is actually on the server side. A segment is sent to the browser side, only in memory, not on the hard disk. The slow storage file on the hard disk is only a SWF-format receiver (player.swf)
- Use php to dynamically generate a swf file. The file is embedded with a unique ID code to bind the visitor's identity (such as the employee ID, Intranet IP address, and login name). It doesn't matter if you cache it, then you can find out the source of the leak.
- Set a shell for each swf (the shell is also the swf developed by actionscript). The shell is responsible for interacting with the server through HTTP and obtaining necessary authorization to play back the office documents behind it. The authorized interaction with the server allows viewers to participate (such as using an account to log on) or not (such as verifying IP addresses and playing only on the Intranet ). If someone takes it home, it fails to request server authorization.