Google Web Accelerator security issue

Discuss site matters here

Moderators: FishPants, ooRip

Post Reply
User avatar
Al
Posts: 2233
Joined: Wed Oct 13, 2004 11:46 am

Google Web Accelerator security issue

Post by Al »

Google's got a new piece of software out. It's an HTTP proxy that will cache pages that you might look up then reuse them when other users hit the same page.

The problem is that some forms (including Something Awful's) are reporting that the cached pages include specific user information which means that other users could end up getting logged in on accounts that aren't theirs. This shouldn't happen if you've got pragma set to private (I haven't checked OO but I'm sure Rip or Gedd would know right off the bat) but I thought it was worth a heads up.
Top
User avatar
Rip
Posts: 26891
Joined: Tue Oct 12, 2004 9:34 pm
Location: Cajun Country!
Contact:
Contact Rip

Post by Rip »

Since everything in between the user and OO is not encrypted, I would not expect anything to be private. If such a thing were to become a concern I would suggest moving to https:

At this point I doubt there is a need.

Rip
“A simple democracy is the devil’s own government.”
— Benjamin Rush
 --
Top
User avatar
LawBeefaroni
Forum Moderator
Posts: 55452
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Post by LawBeefaroni »

F'k HTTP proxies. I got highspeed.

Should make for some fun new googlehacking though.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton
MYT
Top
Post Reply

Return to “The Overlords Meta Forum”