Hi,
We are implementing a web based third party call logging tool which uses IIS8 and sensitive data will be submitted on the tool. I have been asked the following by the corporate security team:
if the data is sensitive what measures are in place to ensure content is not cached on external PCs?
To meet the requirements would turning on the Expire Web Content on IIS and then selecting Immediately meet this requirement and prevent any client caching?
I am concerned what affect this will have on performance or anything else?
This is what it says on the Microsoft site regarding the Immediately setting:
Immediately - expires the content immediately after it is delivered. This setting is best for content that contains sensitive information that you do not want to be cached or that is updated very frequently.
Thanks