Are proxy servers safe to use for online banking or purchases using a credit card? Will the server save my customers'...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
information? Will hackers have access to their info on the server?
When using a proxy server, the user is connected to the server, not the Web site in their browser, because the proxy acts as a client on behalf of the user. It uses one of its own IP addresses to request the page from the server located on the Internet. Once the page is returned, the proxy server forwards it to the user, isolating them from the Internet. If the proxy server is also a cache server, it will first look in its local cache of previously downloaded Web pages to see if it can find the requested page. If it finds the page, it sends it to the user. This avoids the need to forward the request to the Internet. If one or more sites are frequently requested, it is likely they are saved in the proxy's cache. Therefore, when pages are requested from these sites, users receive improved response times.
By default, proxy caches do not decrypt or cache encrypted pages (those delivered over an SSL connection). So, as long as pages containing sensitive information, such as credit card details, are delivered over an SSL connection, your customers' information will be not be stored on the proxy server. However, if you are responsible for the proxy server, you should check its cache settings to make sure it is not caching sensitive pages. For example, ISA Server can be configured to cache SSL response traffic that is bridged.
If you're a developer and want to ensure that some or all of your pages aren't cached, add the "Expires" attribute and set the expiration date in the past on the relevant pages. For example: <META HTTP-EQUIV="Expires" CONTENT="Thu, 01 Dec 1998 12:00:00 GMT">
Version 1.1 of the HTTP standard added a new field called Cache Control and one of the options for this attribute is "no-cache" as in:
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
This instructs caches not to keep a copy of the representation under any condition. Two caveats, though:
- Internet Explorer does not obey this instruction for non-HTML pages such as PDF documents.
- Older browsers that only support HTTP 1.0 do not obey this instruction either.
While many developers believe that assigning a "Pragma: no-cache HTTP header" will make a page uncacheable, this is unreliable and should be avoided because, technically, it is incorrect -- the HTTP standard specifies Pragma as a header to be sent by clients when requesting a fresh copy of a page, not by servers.
Finally, both IE and Netscape have an option to cache documents locally obtained via SSL. It is important to note that if this option is enabled, anyone who gains access to the computer could read any personal information contained within the document because again, it will be stored in the browser's cache.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held ...continue reading
A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks ...continue reading
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.