|
|
 |
 |
|
|
| Internet
Security & Privacy |
| Types of
Cache & Security |
Browser Caches
If you examine the preferences dialog of any modern Web browser
(like Internet Explorer, Safari or Mozilla), you’ll probably
notice a “cache” setting. This lets you set aside a section of
your computer’s hard disk to store representations that you’ve
seen, just for you. The browser cache works according to fairly
simple rules. It will check to make sure that the
representations are fresh, usually once a session (that is, the
once in the current invocation of the browser).
This cache is especially useful when users hit the “back” button
or click a link to see a page they’ve just looked at. Also, if
you use the same navigation images throughout your site, they’ll
be served from browsers’ caches almost instantaneously.
Proxy Caches
Web proxy caches work on the same principle, but a much larger
scale. Proxies serve hundreds or thousands of users in the same
way; large corporations and ISPs often set them up on their
firewalls, or as standalone devices (also known as
intermediaries).
Because proxy caches aren’t part of the client or the origin
server, but instead are out on the network, requests have to be
routed to them somehow. One way to do this is to use your
browser’s proxy setting to manually tell it what proxy to use;
another is using interception. Interception proxies have Web
requests redirected to them by the underlying network itself, so
that clients don’t need to be configured for them, or even know
about them.
Proxy caches are a type of shared cache; rather than just having
one person using them, they usually have a large number of
users, and because of this they are very good at reducing
latency and network traffic. That’s because popular
representations are reused a number of times.
Gateway Caches
Also known as “reverse proxy caches” or “surrogate caches,”
gateway caches are also intermediaries, but instead of being
deployed by network administrators to save bandwidth, they’re
typically deployed by Webmasters themselves, to make their sites
more scalable, reliable and better performing.
Requests can be routed to gateway caches by a number of methods,
but typically some form of load balancer is used to make one or
more of them look like the origin server to clients.
Content delivery networks (CDNs) distribute gateway caches
throughout the Internet (or a part of it) and sell caching to
interested Web sites. Speedera and Akamai are examples of CDNs.
This tutorial focuses mostly on browser and proxy caches,
although some of the information is suitable for those
interested in gateway caches as well.
Cache & Security
SSL pages are not cached (or decrypted) by proxy caches, so you
don’t have to worry about that. However, because caches store
non-SSL requests and URLs fetched through them, you should be
conscious about unsecured sites; an unscrupulous administrator
could conceivably gather information about their users,
especially in the URL.
In fact, any administrator on the network between your server
and your clients could gather this type of information. One
particular problem is when CGI scripts put usernames and
passwords in the URL itself; this makes it trivial for others to
find and user their login.
If you’re aware of the issues surrounding Web security in
general, you shouldn’t have any surprises from proxy caches. |
|
| |
|
|
|
