Caching improves the user's browsing experience by reducing latency, making better use of bandwidth and reducing the load on the web server.
Web pages with caching enabled can be cached in the client's browser as well as in the proxies and gateways that sit on the path between the client and the web server.
When a web page is not available from its origin, a web server and/or a web proxy can serve the browser a cached copy of the page.
Because cached content can contain sensitive data, it has to be protected from unauthorized access. For web applications, this means confidential information must not be cached in the user's browser.
Caching can cause the following security issues:
- Unauthorized information disclosure via cached data access
- Information disclosure via HTTP POST reply
- Escalation of privileges and user impersonation via cached session IDs and cookies
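The following is an added example, not code from the original page, showing the two sides of the control described above: a web application emitting the response headers that stop browsers, proxies and gateways from retaining a copy of a confidential page, and a small check that decides, from a response's headers, whether a private (browser) or shared (proxy/gateway) cache is allowed to store it. The WSGI application, the path prefixes treated as sensitive (`/account`, `/api/me`) and the sample response bodies are assumptions made for the illustration; the header semantics follow the standard HTTP caching rules (`no-store` forbids storage anywhere, `private` forbids storage in shared caches, `no-cache` only forces revalidation and does not prevent storage).

```python
"""Emit and audit HTTP cache-control headers for confidential responses.

Added example; the app, paths and sample bodies are constructed for illustration.
"""
from typing import Dict, Mapping
from wsgiref.util import setup_testing_defaults

# Paths assumed (for this example) to return per-user, confidential data.
SENSITIVE_PREFIXES = ("/account", "/api/me")


def no_store_headers() -> Dict[str, str]:
    """Headers that tell every cache on the path not to keep a copy.

    "no-store" is the directive that matters; "Pragma" and "Expires" are kept
    for legacy HTTP/1.0 caches that ignore Cache-Control.
    """
    return {
        "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
        "Pragma": "no-cache",
        "Expires": "0",
    }


def parse_cache_control(value: str) -> Dict[str, str]:
    """Parse a Cache-Control header into {directive: argument} with lowercase names."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def may_be_stored(headers: Mapping[str, str], shared_cache: bool) -> bool:
    """Return True if a cache of the given kind is permitted to store the response.

    shared_cache=True models a proxy or gateway; False models the browser cache.
    Note that "no-cache" alone does NOT prevent storage, only reuse without
    revalidation, which is why it is insufficient for confidential content.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return False
    if shared_cache and "private" in cc:
        return False
    # Legacy hint honoured by some old caches only when Cache-Control is absent.
    if not cc and lowered.get("pragma", "").lower() == "no-cache":
        return False
    return True


def app(environ, start_response):
    """Minimal WSGI application (constructed) that marks confidential pages no-store."""
    path = environ.get("PATH_INFO", "/")
    headers = [("Content-Type", "text/html; charset=utf-8")]
    if path.startswith(SENSITIVE_PREFIXES):
        headers += list(no_store_headers().items())
        body = b"<p>Account balance: (constructed sample value)</p>"
    else:
        # Public content may be cached by anyone for an hour.
        headers.append(("Cache-Control", "public, max-age=3600"))
        body = b"<p>Public landing page</p>"
    start_response("200 OK", headers)
    return [body]


def call_app(path: str) -> Dict[str, str]:
    """Invoke the app in-process and return its response headers (test client, no network)."""
    environ: Dict[str, object] = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured: Dict[str, Dict[str, str]] = {}

    def start_response(status, response_headers, exc_info=None):
        captured["headers"] = dict(response_headers)
        return lambda data: None

    b"".join(app(environ, start_response))  # consume the body iterator
    return captured["headers"]


if __name__ == "__main__":
    for path in ("/", "/account/balance"):
        hdrs = call_app(path)
        print(path, "browser may store:", may_be_stored(hdrs, shared_cache=False),
              "| proxy may store:", may_be_stored(hdrs, shared_cache=True))
```

Running the block prints that the public page may be stored by both browser and proxy while the account page may be stored by neither. The `may_be_stored` check is the kind of assertion worth adding to an application's integration tests for every endpoint that returns user-specific data, since a missing `no-store` is easy to introduce by accident and is invisible in the rendered page.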