Bug 55721 - HTTP Cache Manager - no-store directive is wrongly interpreted
Status: RESOLVED FIXED
Product: JMeter
Classification: Unclassified
Component: HTTP
Version: 2.6
Hardware: All All
Importance: P1 normal
Target Milestone: ---
Assigned To: JMeter issues mailing list
Reported: 2013-10-29 23:25 UTC by Philippe Mouawad
Modified: 2013-10-29 23:30 UTC
Description Philippe Mouawad 2013-10-29 23:25:26 UTC
We had a discussion a while ago about no-cache and no-store.
It seems we may not have correctly understood no-store.

14.9.2 What May be Stored by Caches

no-store
    The purpose of the no-store directive is to prevent the inadvertent release or retention of sensitive information (for example, on backup tapes). The no-store directive applies to the entire message, and MAY be sent either in a response or in a request. If sent in a request, a cache MUST NOT store any part of either this request or any response to it. If sent in a response, a cache MUST NOT store any part of either this response or the request that elicited it. This directive applies to both non-shared and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it.
    Even when this directive is associated with a response, users might explicitly store such a response outside of the caching system (e.g., with a "Save As" dialog). History buffers MAY store such responses as part of their normal operation. 
    The purpose of this directive is to meet the stated requirements of certain users and service authors who are concerned about accidental releases of information via unanticipated accesses to cache data structures. While the use of this directive might improve privacy in some cases, we caution that it is NOT in any way a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping. 


According to this, it seems the browser does not cache a response with no-store:
"and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it. "
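
The rule quoted above, as an added Java example (not JMeter's CacheManager code and not part of the original report): no-store on either the request or the response forbids storing the exchange, and the directive is matched as a whole token rather than as a substring. The class name, method names and sample header values are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added example, not JMeter code. All names here are hypothetical.
public class NoStoreCheck {

    // Split a Cache-Control value into lower-cased directive names,
    // ignoring commas inside quoted arguments such as private="a, b".
    static List<String> directiveNames(String headerValue) {
        List<String> names = new ArrayList<>();
        if (headerValue == null) {
            return names; // header absent: no directives
        }
        StringBuilder current = new StringBuilder();
        boolean inQuotes = false;
        for (char c : headerValue.toCharArray()) {
            if (c == '"') {
                inQuotes = !inQuotes;
            }
            if (c == ',' && !inQuotes) {
                addName(names, current.toString());
                current.setLength(0);
            } else {
                current.append(c);
            }
        }
        addName(names, current.toString());
        return names;
    }

    // Keep only the directive name (the part before '='), trimmed and lower-cased.
    private static void addName(List<String> names, String directive) {
        int eq = directive.indexOf('=');
        String name = (eq >= 0 ? directive.substring(0, eq) : directive).trim();
        if (!name.isEmpty()) {
            names.add(name.toLowerCase(Locale.ROOT));
        }
    }

    // no-store in the request OR the response means the cache must not store.
    static boolean mayStore(String requestCacheControl, String responseCacheControl) {
        return !directiveNames(requestCacheControl).contains("no-store")
            && !directiveNames(responseCacheControl).contains("no-store");
    }

    public static void main(String[] args) {
        // Constructed sample header values.
        System.out.println(mayStore(null, "max-age=60, No-Store"));
        System.out.println(mayStore(null, "private=\"x, no-store\", max-age=60"));
        System.out.println(mayStore("no-store", "max-age=60"));
    }
}
```

The second sample shows why token matching matters: the text no-store appears only inside a quoted argument, so it is not a directive and the response stays storable.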
Comment 1 Philippe Mouawad 2013-10-29 23:30:54 UTC
Date: Tue Oct 29 23:28:43 2013
New Revision: 1536928

URL: http://svn.apache.org/r1536928
Log:
Bug 55721 - HTTP Cache Manager - no-store directive is wrongly interpreted
Bugzilla Id: 55721

Modified:
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/CacheManager.java
    jmeter/trunk/test/src/org/apache/jmeter/protocol/http/control/TestCacheManager.java
    jmeter/trunk/xdocs/changes.xml


Date: Tue Oct 29 23:30:12 2013
New Revision: 1536929

URL: http://svn.apache.org/r1536929
Log:
Bug 55721 - HTTP Cache Manager - no-store directive is wrongly interpreted
Check for npe
Bugzilla Id: 55721

Modified:
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/CacheManager.java