Serious hole in homepage security??
I recently set up a 'secure' directory through homepage for use with some work files. What I noticed was this: from my work PC at least, if I go to the URL http://homepage.mac.com/robinc/extranet I get the password prompt as well I should.
However, if I add an extra slash, as in: http://homepage.mac.com/robinc//extranet the security password is bypassed, and the site is displayed.
I assume that this is not supposed to be the case? If so, it does not seem very secure...
Can anyone else please try this and verify that it is in fact the case.
Thanks!
\
However, if I add an extra slash, as in: http://homepage.mac.com/robinc//extranet the security password is bypassed, and the site is displayed.
I assume that this is not supposed to be the case? If so, it does not seem very secure...
Can anyone else please try this and verify that it is in fact the case.
Thanks!
\
Comments
In the meantime, you may want to remove your .mac name from the above posts, so that more folks don't get in.
There is nothing private on there yet (no content), but I changed the content just in case.
I e-mailed it to Apple, but am glad too that the word is out in case anyone really had something private on their site...
R.
where's that damn :eek: smiley when you need it
Seriously though, I'm very glad you brought this to everyone's attention. I'm on the verge of getting .Mac myself and this is a very good thing to know. Let's hope that Apple takes care of this sooner than later!
Actually, for anyone who is currently a .Mac member, is there any prior mention of this on the members-only support boards?
Originally posted by maninmac
I called Apple, and spoke to a guy in .mac support. His response was basically "oh my god, let me go and speak to..." and he was gone.
Nice to see that they fixed it. I thought I'd try your link to see if anything had changed and, happy to see that it has for the better! Always glad to see responsive customer service.
That is quite impressive, it is indeed fixed...Go Apple!
Originally posted by maninmac
You know, I did not even notice!
That is quite impressive, it is indeed fixed...Go Apple!
I hope there is a G5 at your doorstep tomorrow.