+

Search Tips   |   Advanced Search

Security Issues

Storing authenticated pages in a shared cache introduces security holes. If a malicious user discovered the URL for an authenticated page, that user could read pages containing private information.

By default, WebSphere Portal does not permit shared caching for authenticated pages. Use the Properties portlet or xmlaccess.sh to override these default settings using the com.ibm.portal.IgnoreAccessControlInCaches parameter, but in most cases this is not recommended.

In some rare circumstances, it might be useful to store authenticated pages in a shared cache. For example, if all authenticated users receive identical content, then storing authenticated pages in a shared cache might be acceptable.


Parent Caching