cache control:private what does it mean?????

[dmjpro]

friends ....
i have a response header Cache-Control:private then the proxy-cache does not happen.....only local cache happens

m i right .....

plz help me out .......

thanx

[Rob Pomeroy]

What do you mean by "proxy-cache" and what are you trying to achieve?

[dmjpro]

sorry i never think of it ... just i heared the name and have no clear definition...

good to see u ask me ... i sense myself what i have about cache .....

so plz clearify me one thing when a response comes via proxy and then finally to the client then the page .. how decides that where to do cache , means local or proxy...or both

plz help me ..... thanx

[Rob Pomeroy]

Okay, well proxies are usually outside of the control of the client or server in a typical HTTP transaction.  You must therefore treat them as untrusted - in other words, even if you ask the proxy not to cache the page in question, you cannot force the proxy to honour that request.  The best you can do is use HTTPS for sensitive transactions and hope that the client is not using a proxy for port 443 transactions.

Personally, I wouldn't distinguish between proxy and client cache in this way.  If you don't want the client to cache the page, you certainly don't want the proxy to cache it.  So set the page to expire at some date in the past and issue a "pragma:no-cache" header.

[dmjpro]

thnax for ur reply ....

tell me one more thing .... 443 transaction ..... i don't know about it ...

then say ... what Cache-Control:private does it mean really

thanxxxxx

[Rob Pomeroy]

tell me one more thing .... 443 transaction ..... i don't know about it ...

I have no idea what you mean.

then say ... what Cache-Control:private does it mean really

Have a read >here<.  (And >here's< a more simple explanation.)  As I say, you can never be sure that an intervening proxy will abide by cache directives.

[dmjpro]

i mean what happens if proxy uses port 443 for transaction ......


plz help me ...  thanxxx

[Rob Pomeroy]

Ah right, sorry.  Port 443 is used by HTTPS - in other words, secure web transactions - the kind that you would use for online banking.  HTTPS is an encrypted protocol, designed to reduce the risk of someone viewing the contents of the web transaction.  Plain HTTP, which is unencrypted, uses port 80.  In my view, there is generally no harm in using a proxy for plain HTTP transactions, since they should not contain sensitive data.  Using a proxy for port 443 transactions however reduces the security of HTTPS and makes a so-called "man in the middle" attack relatively trivial.

[dmjpro]

ok it's ok ... thanx for ur reply

ok i ll check out ur link .....

thanx again