Bugtraq mailing list archives
Re: IE5 ACL protected pages viewable from cache by unauthorized u ser
From: paulle () EXCHANGE MICROSOFT COM (Exchange)
Date: Tue, 17 Aug 1999 10:39:35 -0700
The IE cache in Windows NT is per-user, and ACLd so only that user has access. From your description, it appears that the "unauthorized" user was running using the same account in the same logon session as the "authorized" user. (Closing the browser and reopening it doesn't count.) So, as far as the OS is concerned, it's the same user, and both are equally authorized. Logout and log back in as a different user. (There is an option to tell IE to clear the cache after the browser closes. But nothing short of logout is spec'd to work completely.) Paul
Current thread:
- Re: IE5 ACL protected pages viewable from cache by unauthorized u ser Exchange (Aug 17)