Jump to content

Google Web Accelerator - Security Risk

Ryan FB

Recommended Posts

Just thought I'd warn the people here, especially since this a registered-users-only forum. Google's new web accelerator works by caching pages you view and serving them up to other people who request them. The problem is, in its current incarnation, it is a major security/privacy risk. Any page you view while using the accelerator can be viewed by any other user. So, for example, if you log in to LCVG while using the accelerator and view your private messages, anyone else visiting the site might see those pages and be able to view those messages as well. The only pages not affected by this are https, ones you specifically tell the accelerator to exclude, and pages which serve up specific messages saying they should not be cached. I haven't seen if LCVG specifically is affected, but many other forums are. I would strongly advise against using it in its current form.

Link to comment
Share on other sites

Just an update to say that LCVG is probably not affected by this as it sends out "Cache-Control: private" with the headers for forum pages, which the accelerator seems to obey. Apparently, GWA ignores the "Cache-Control: no-cache" directive that some servers use instead.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...