Re: IE5 ACL protected pages viewable from cache by unauthorized u

From: Paul Leach (Exchange) (paulleat_private)
Date: Tue Aug 17 1999 - 10:39:35 PDT

Next message: Seth R Arnold: "Re: DOS against SuSE's identd"

Previous message: Bluefish: "[EuroHaCk] stealth-code (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The IE cache in Windows NT is per-user, and ACLd so only that user has
access. From your description, it appears that the "unauthorized" user was
running using the same account in the same logon session as the "authorized"
user. (Closing the browser and reopening it doesn't count.) So, as far as
the OS is concerned, it's the same user, and both are equally authorized.

Logout and log back in as a different user.

(There is an option to tell IE to clear the cache after the browser closes.
But nothing short of logout is spec'd to work completely.)

Paul

Next message: Seth R Arnold: "Re: DOS against SuSE's identd"
Previous message: Bluefish: "[EuroHaCk] stealth-code (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:56 PDT