Do not save encrypted pages to disk

Discussion in 'Internet Explorer' started by hdjur, Apr 2, 2007.

  1. hdjur

    hdjur Guest

    I'm interested in details about option "Do not save encrypted pages to disk",
    and disk cache in general.
    IE supports several protocols for data gathering: http, https, ftp,
    gopher,...
    When retreived via https, data is decrypted in order to be displayed in
    browser.
    In that case, automatic cacheing mechanism saves ENCRYPTED pages into
    special folder "Temporary Internet files", right? Is there a way to observe
    encrypted pages in that cache, or only those that were not encrypted, or were
    decrypted (if these are saved that way there at all)?
    If pages are cached for performance reasons, wouldn't it be reasonable to
    save them decrypted, in order to avoid decryption overhead? Security issue
    for saving confidential data to disk exists in any case, unauthorized user
    may use brute force method to decrypt files if he has unrestricted access to
    them and is willing to do that.
    And that's what observed option is used for, to avoid saving confidential
    data to disk, if retreived over secure link? Is there the same policy for all
    file types (extensions) regarding that matter?
    What was the exact MS's intention, which IE behaviour to control with that
    option?
    It namely affects conscious, intended saving initiated by user too (using
    option "Save Target As...", "Save As..."), it affects viewing the page
    source, export of data etc. In version 7 it is regular behaviour that this
    option has to be turned off to enable this actions, which by the way are used
    to save or access DECRYPTED data, definetly. In lower versions, at least in
    most of their updates, it is even not possible to save non html content (for
    example xml) retreived via https, regardless of this option setting, because
    of an obvious bug.
    In MS knowledge base there is a workaround for this issue:
    http://support.microsoft.com/kb/323308/en-us
    which suggests that when there is "no cache" directive in http response
    header, received over SSL, BypassSSLNoCacheCheck registry entry should be
    added. Otherwise, "download is not possible". On the other hand, if the
    original intention was to control automatic cache, if IE user is not aware of
    that it is necessary to delete cache when downloading confidential data, will
    he be aware of, or able, to check/set this option in IE on a public work
    station, to protect himself from undesired file saving?
    Are there any issues in version 7 with a disk cache? Sometimes I can't
    delete temporary
    files, sometimes when I delete them, nothing is saved anymore. I never
    experienced such things
    in version 6.
    hdjur, Apr 2, 2007
    #1
    1. Advertising

  2. hdjur

    Dean Earley Guest

    hdjur wrote:
    > I'm interested in details about option "Do not save encrypted pages
    > to disk", and disk cache in general. IE supports several protocols
    > for data gathering: http, https, ftp, gopher,... When retreived via
    > https, data is decrypted in order to be displayed in browser. In that
    > case, automatic cacheing mechanism saves ENCRYPTED pages into special
    > folder "Temporary Internet files", right?


    No, all files in this folder are unencrypted and in their native format.
    The SSL/secure part is ONLY on the TCP connection to stop it being
    viewed in the highly unlikely event of it being intercepted.
    (It is still possible to decrypt in some situations and if you get the
    entire conversation)

    Setting that option means it doesn't cache them at all (Hence the view
    source being disabled).

    --
    Dean Earley ()
    i-Catcher Development Team

    iCode Systems
    Dean Earley, Apr 2, 2007
    #2
    1. Advertising

  3. hdjur

    hdjur Guest

    Thanks Dean for your answer. Any comments on Microsoft intentions with this
    option? If I use "Save Target As..." it means I'm aware of saving to a local
    disk, why would this setting prevent me from performing this deliberate
    action, anyway?
    If this is supposed to prevent automatic cacheing when downloading via SSL,
    it shouldn't be possible to turn it off, for previously described reasons. Or
    not? Would someone please shed some light on this?

    "Dean Earley" wrote:

    > hdjur wrote:
    > > I'm interested in details about option "Do not save encrypted pages
    > > to disk", and disk cache in general. IE supports several protocols
    > > for data gathering: http, https, ftp, gopher,... When retreived via
    > > https, data is decrypted in order to be displayed in browser. In that
    > > case, automatic cacheing mechanism saves ENCRYPTED pages into special
    > > folder "Temporary Internet files", right?

    >
    > No, all files in this folder are unencrypted and in their native format.
    > The SSL/secure part is ONLY on the TCP connection to stop it being
    > viewed in the highly unlikely event of it being intercepted.
    > (It is still possible to decrypt in some situations and if you get the
    > entire conversation)
    >
    > Setting that option means it doesn't cache them at all (Hence the view
    > source being disabled).
    >
    > --
    > Dean Earley ()
    > i-Catcher Development Team
    >
    > iCode Systems
    >
    hdjur, Apr 3, 2007
    #3
  4. hdjur

    Dean Earley Guest

    The ONLY option it disables for me is "View source".
    Save target as, Save picture as, etc are all enabled and working fine.

    This option ONLY effects whether it saves it in the cache.

    hdjur wrote:
    > Thanks Dean for your answer. Any comments on Microsoft intentions with this
    > option? If I use "Save Target As..." it means I'm aware of saving to a local
    > disk, why would this setting prevent me from performing this deliberate
    > action, anyway?
    > If this is supposed to prevent automatic cacheing when downloading via SSL,
    > it shouldn't be possible to turn it off, for previously described reasons. Or
    > not? Would someone please shed some light on this?
    >
    > "Dean Earley" wrote:
    >
    >> hdjur wrote:
    >>> I'm interested in details about option "Do not save encrypted pages
    >>> to disk", and disk cache in general. IE supports several protocols
    >>> for data gathering: http, https, ftp, gopher,... When retreived via
    >>> https, data is decrypted in order to be displayed in browser. In that
    >>> case, automatic cacheing mechanism saves ENCRYPTED pages into special
    >>> folder "Temporary Internet files", right?

    >> No, all files in this folder are unencrypted and in their native format.
    >> The SSL/secure part is ONLY on the TCP connection to stop it being
    >> viewed in the highly unlikely event of it being intercepted.
    >> (It is still possible to decrypt in some situations and if you get the
    >> entire conversation)
    >>
    >> Setting that option means it doesn't cache them at all (Hence the view
    >> source being disabled).
    Dean Earley, Apr 4, 2007
    #4
  5. hdjur

    hdjur Guest

    Did you try to save non html content (for example xml) retreived via https?
    Because, as you can see, I didn't say saving html is not possible.

    "Dean Earley" wrote:

    > The ONLY option it disables for me is "View source".
    > Save target as, Save picture as, etc are all enabled and working fine.
    >
    > This option ONLY effects whether it saves it in the cache.
    >
    > hdjur wrote:
    > > Thanks Dean for your answer. Any comments on Microsoft intentions with this
    > > option? If I use "Save Target As..." it means I'm aware of saving to a local
    > > disk, why would this setting prevent me from performing this deliberate
    > > action, anyway?
    > > If this is supposed to prevent automatic cacheing when downloading via SSL,
    > > it shouldn't be possible to turn it off, for previously described reasons. Or
    > > not? Would someone please shed some light on this?
    > >
    > > "Dean Earley" wrote:
    > >
    > >> hdjur wrote:
    > >>> I'm interested in details about option "Do not save encrypted pages
    > >>> to disk", and disk cache in general. IE supports several protocols
    > >>> for data gathering: http, https, ftp, gopher,... When retreived via
    > >>> https, data is decrypted in order to be displayed in browser. In that
    > >>> case, automatic cacheing mechanism saves ENCRYPTED pages into special
    > >>> folder "Temporary Internet files", right?
    > >> No, all files in this folder are unencrypted and in their native format.
    > >> The SSL/secure part is ONLY on the TCP connection to stop it being
    > >> viewed in the highly unlikely event of it being intercepted.
    > >> (It is still possible to decrypt in some situations and if you get the
    > >> entire conversation)
    > >>
    > >> Setting that option means it doesn't cache them at all (Hence the view
    > >> source being disabled).

    >
    hdjur, Apr 19, 2007
    #5
  6. hdjur

    hdjur Guest

    More accurate is to say that using "Save as ..." works for html but not for
    xml,
    and "Save Target as ..." does not work for both content types - it reports
    this message:

    "The file could not be written to the cache."

    "Save as ..." does not complain about anything, it just doesn't save the
    file to the intended destination folder in case of xml.

    "hdjur" wrote:

    > Did you try to save non html content (for example xml) retreived via https?
    > Because, as you can see, I didn't say saving html is not possible.
    >
    > "Dean Earley" wrote:
    >
    > > The ONLY option it disables for me is "View source".
    > > Save target as, Save picture as, etc are all enabled and working fine.
    > >
    > > This option ONLY effects whether it saves it in the cache.
    > >
    > > hdjur wrote:
    > > > Thanks Dean for your answer. Any comments on Microsoft intentions with this
    > > > option? If I use "Save Target As..." it means I'm aware of saving to a local
    > > > disk, why would this setting prevent me from performing this deliberate
    > > > action, anyway?
    > > > If this is supposed to prevent automatic cacheing when downloading via SSL,
    > > > it shouldn't be possible to turn it off, for previously described reasons. Or
    > > > not? Would someone please shed some light on this?
    > > >
    > > > "Dean Earley" wrote:
    > > >
    > > >> hdjur wrote:
    > > >>> I'm interested in details about option "Do not save encrypted pages
    > > >>> to disk", and disk cache in general. IE supports several protocols
    > > >>> for data gathering: http, https, ftp, gopher,... When retreived via
    > > >>> https, data is decrypted in order to be displayed in browser. In that
    > > >>> case, automatic cacheing mechanism saves ENCRYPTED pages into special
    > > >>> folder "Temporary Internet files", right?
    > > >> No, all files in this folder are unencrypted and in their native format.
    > > >> The SSL/secure part is ONLY on the TCP connection to stop it being
    > > >> viewed in the highly unlikely event of it being intercepted.
    > > >> (It is still possible to decrypt in some situations and if you get the
    > > >> entire conversation)
    > > >>
    > > >> Setting that option means it doesn't cache them at all (Hence the view
    > > >> source being disabled).

    > >
    hdjur, Apr 19, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. 2h4y

    encrypted pages

    2h4y, Feb 26, 2007, in forum: Windows Vista Networking
    Replies:
    0
    Views:
    208
  2. markbyrn

    Backing up Bitlocker Encrypted Drive Equals Not Encrypted

    markbyrn, Mar 4, 2007, in forum: Windows Vista Security
    Replies:
    4
    Views:
    378
    Guest
    Mar 19, 2007
  3. tom kmec
    Replies:
    0
    Views:
    362
    tom kmec
    May 21, 2007
  4. Greg
    Replies:
    1
    Views:
    135
    Rob ^_^
    Jul 13, 2007
  5. Allan
    Replies:
    0
    Views:
    393
    Allan
    May 13, 2008
Loading...

Share This Page