On Wed, 7 Oct 2009 11:24:29 -0400, Mark Schall <schallm2@xxxxxxx> wrote: > Hi, > > My name is Mark Schall. I am a Master student at Michigan State > University. I am working with a group, trying to work with HTTP > caches. We were wondering if, in general do HTTP caches work by > caching data based on the IP addresses or by the URI of the HTTP In general? I wont dare to guess. Too many ways to do it and too many different software caches using those ways. Squid in particular stores them by hash. Older versions used hash of URL. Newer 2.x use Hash of URL + some Vary: headers and stuff. > request. It seems that using IP addresses would be the most secure > means of caching, but the URI seems logical for multiple server > websites. I assume by 'secure' you mean 'secure against data leaks'. There is nothing inherently secure about caching in the first place. The cache admin always has access to the cached data in intermediary traffic. What security there is in caching is built on a trust between cache admin and website admin. The website admin trusts that the cache admin will obey the CC headers. The cache admin trusts that the website admin will set the headers correctly (private) to protect sensitive information and also inform how often objects get replaced etc. Amos
