Browser Back button opening up security holes???
New Post
6/12/2008 10:32 AM
 

Nope, not yet, I was working on 4.8.4 and 5.0 and can't risk breaking my machine - I'd be interested in seeing if anyone finds this is fixed, but when I checked Firefox's Bugzilla list they had a number of outstanding bugs, some of them years old, so I don't think it's likely.

Cathal


 
New Post
6/13/2008 12:41 AM
 

keeperofstars,

Firefox 3.0, eh? I've seen only 3.0rc3 on their site, and this is for testing purposes only. I'm going through the release notes and known issues. But even if the issue is resolved in this edition or future ones, we still need to inform DNN users to upgrade, I mean, there's no way to force anyone to upgrade just like there's no way to force users to use IE. And what about Netscape, Safari, Opera and all the other browsers out there? We come back to user education, as KeeperOfStars said!

I was looking for a way to invalidate the cache/session or some similar mechanism once a user logs out that would be effective across all browsers, but it looks like there's really no such mechanism that exists in DNN, especially with regard to Firefox as the caching is done in memory and not the filesystem. However, Cathal mentioned some settings we can try:

response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1))

response.Cache.SetCacheability(HttpCacheability.NoCache)

response.Cache.SetNoStore()

I'd like to know where I can set these myself.
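
One place the three settings above could be applied, shown as an added example that is not part of the original post and not DNN's own code: an ASP.NET `IHttpModule` that marks every page rendered for a logged-in user as non-cacheable. The class name `NoStoreForAuthenticatedModule` and the web.config entry in the comment are assumptions made for this illustration.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical module (not part of DNN). Assumed registration for a class
// placed in App_Code, under <system.web><httpModules> in web.config:
//   <add name="NoStoreForAuthenticated" type="NoStoreForAuthenticatedModule" />
public class NoStoreForAuthenticatedModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // At this stage the request has been authenticated and the handler
        // has been mapped, so both checks below are meaningful.
        app.PreRequestHandlerExecute += OnPreRequestHandlerExecute;
    }

    private static void OnPreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Anonymous content stays cacheable; only responses built for a
        // signed-in user are marked.
        if (!ctx.Request.IsAuthenticated)
            return;

        // Limit the policy to .aspx page output so other handlers
        // (images, scripts, downloads) keep their normal caching.
        if (!(ctx.Handler is Page))
            return;

        // The three calls quoted in the post above.
        HttpCachePolicy cache = ctx.Response.Cache;
        cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
        cache.SetCacheability(HttpCacheability.NoCache);
        cache.SetNoStore();
    }

    public void Dispose()
    {
        // No unmanaged resources to release.
    }
}
```

Whether a given browser honours these headers when the Back button is pressed is the open question in this thread; the module only makes sure the headers are sent for authenticated pages.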

 
New Post
6/13/2008 4:14 AM
 

Well, well, well. See this: http://kb.mozillazine.org/Browser.cache.memory.enable where it's mentioned that if browser.cache.disk_cache_ssl is set to true, secure pages will be stored in disk cache, not memory cache. Tried doing that and then fired off my site in Firefox and lo and behold, it worked! Of course, this was only possible by changing my browser config, so what I said in my previous post still stands.

It's interesting to note that without changing any settings in Firefox, I went onto another site (of course this one was an ASP site without SSL) and logged in, viewed some secure info, logged out, clicked back button several times. It always returned me to the login page. On a more comparable scenario, I set browser.cache.disk_cache_ssl back to false in Firefox, went to forums.asp.net, logged in, clicked on Edit Profile, clicked on Email tab, logged out, clicked back button. I was greeted with an Authorization Required dialog. On cancelling, it popped up again. On re-cancelling, it gave me a "401 - Unauthorized: Access is denied due to invalid credentials.You do not have permission to view this directory or page using the credentials that you supplied." page.

Sorry folks, but I have to say DNN needs to be spruced up!

 
New Post
6/13/2008 12:07 PM
 

Well, for one, Firefox pretty much auto-updates / forces the user to update on each official release. Granted, Firefox 3 is still an RC version. The config piece is interesting to find out. I'll post on the RC forums and as a dev tester that maybe Firefox 3 changes the default to be the other way around. Going to be a hard sell. Firefox is more about user freedom than rights of businesses.

It's going to also slow their browser's speed down.

I'm trying to think of how DNN could be coded to handle it though, without breaking modules / upsetting some user groups.

 

 
New Post
6/13/2008 1:19 PM
 

Webpages served over SSL should not be cached on disk. Modifying this setting's default value sounds like it would circumvent a browser bug by introducing another (more severe) security risk.

Brandon


Brandon Haynes
BrandonHaynes.org
 