Do Not Save Encrypted Web Pages

by Tony Bradley [Published on 29 Oct. 2004 / Last Updated on 29 Oct. 2004]

Internet Explorer saves a lot of web site information and data in temporary files for faster retrieval in the future. For most web sites that isn't a problem, but saving encrypted web pages that should be secure to a temp file on your disk can pose a security risk. This tip will show you how to disable the saving of encrypted web pages.

As you surf the World Wide Web, Internet Explorer saves a lot of information about the sites you have visited including caching copies of the actual web site pages to your hard disk in the Temporary Internet Files folder. In general this caching of information helps speed up access to sites you visit frequently because Internet Explorer can retrieve the information from the local disk rather than re-downloading redundant information from the remote web server.

For the majority of web sites you visit this is beneficial and poses no practical risk to you. It can pose a risk to compromising confidential or private information however if encrypted web pages are saved to the disk. When you access an online investing site or a banking site or other web sites of that nature the session is generally encrypted. Usually you will see the URL begin with "https" rather than just "http" which indicates that the session is ecnrypted with SSL That means that the information is encoded so that only your computer and the server you are communicating with can understand it. Anybody who might intercept the data midstream would only receive gibberish, so your private and confidential data is safe.

That safety is negated however if Internet Explorer caches copies of the supposedly private information on your disk in the Temporary Internet Files. Should anyone gain remote access to your computer through a virus or Trojan, or should someone have physical access to simply sit down at your computer they may be able to access the cached data and retrieve information that should have been encrypted and protected. In order to prevent this you can disable the ability for Internet Explorer to save encrypted web page data.

1. Open an Internet Explorer session

2. On the menu bar click on Tools and select Internet Options

3. Click on the Advanced tab

4. Scroll through the list to the Security section at the bottom

5. Check the box next to the option "Do Not Save Encrypted Pages To Disk"

6. Click OK to close the window and initiate the changes

Once you have completed those steps your future web surfing should be safer, but you still have to do something about the encrypted web data which has already been saved to your computer. To erase the existing data do the following:

1. Open an Internet Explorer session

2. On the menu bar click on Tools and select Internet Options

3. Under Temporary Internet Files on the General tab click Delete Files

4. On the message that pops up click the box that says "Delete all offline content" and click OK

5 Click OK to close the window

Now you have erased any potentially compromising information from your disk and disabled the ability of Internet Explorer to save encrypted web page information to your computer in the future.

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).

See Also

Featured Links