Document Caching Attack

Homero_Cavazos
Level 2

Document Caching Attack

We have our landing pages go through vulnerability scans to test for any vulnerabilities and 'document caching' keeps coming up. This in turn raises our harm score. Are there any additional methods besides HTML markup to disable caching through Marketo? Server settings we can set? The PDFs are not confidential or sensitive in nature, the goal is to reduce the score produced by the vulnerability scans. 

4 REPLIES 4
SanfordWhiteman
Level 10 - Community Moderator

Re: Document Caching Attack

Instead of alarming people with "attack" please explain what you think is a vulnerability.

Homero_Cavazos
Level 2

Re: Document Caching Attack

The scan application defines it as an attack. I have advised my client that the documents in question are not sensitive in nature and the score is not anything to be concerned about. But to satisfy my client's concern I am seeking confirmation from this forum that we/Marketo authors have no control over server configuration for caching assets. Does this make more sense?

SmartAttack.png

SmartAttackDetail.png

SanfordWhiteman
Level 10 - Community Moderator

Re: Document Caching Attack

That is correct. You have no control over the server headers if you serve assets from Marketo's CDN & origin servers. If you serve them via your own CDN you can tweak the headers to your heart's content.

Since these are not confidential documents, however, the results are irrelevant as the test is merely signaling you that if a doc is intended to be confidential you may wish to make it more ephemeral.

Homero_Cavazos
Level 2

Re: Document Caching Attack

Thanks Sanford. I just needed that confirmation since I'm still new to Marketo environment and what authors of the platform can control.