The SSL connection will initiate a secure session using a session key that is only valid for that particular session and/or a particular length of time. This information can therefore not be compromised after it has been disconnected. In terms of the account information, the only reason the home PC will have this stored locally is if the user asks it to, or if you are using an insecure version of Windows i.e. 95/98 and badly configured nt/2k.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 23 October 2001 21:42 To: [EMAIL PROTECTED] Subject: Windows NTFS Authentication Caching A question for the Windows experts in the group -- A user accesses a company web site from a home PC (any flavor of Windows). The web site requires NTFS authentication against the company's domain controller. The web session requires SSL, but is the company userid/password cached on the home PC? I'm worried that if the home PC is compromised, any cached company account information could be retrieved. Thanks, Carol
