Bill, On Thu, Dec 11, 2008 at 4:15 AM, Bill Barker <[EMAIL PROTECTED]> wrote: > > The article is referring to the fact that Tomcat adds cache headers by > default to any page protected by a <security-constraint> to prevent someone > else from stealing it from an intermediate proxy. The default settings are > extremely aggressive, resulting in regular posts on this list of the form > "My secured pdf file can't be displayed in IE".
If you read on in those articles, you'll find that this is not a problem due to headers send by Tomcat but due to a bug with the SSL-implementation in IE http://support.microsoft.com/?scid=kb%3Ben-us%3B323308&x=11&y=11 There are some workarounds for this problem (if you don't want users to patch their registry), which require a modification of the headers being sent, however, I believe you're mixing up the cause of this problem (= bug in IE) with a possible workaround (header-modification by Tomcat). Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
