iDisk URLs? (security risk?)

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by macbookairman, Feb 20, 2009.

  1. macbookairman macrumors 6502a

    Joined:
    Jan 15, 2008
    Location:
    United States
    #1
    I'm not sure if this is something people on here know about, but I just discovered that you can access an iDisk file in ALL folders of the iDisk (not just the Public folder) by typing in this URL:

    www.me.com/ix/username/iDisk/Folder/file
    or
    www.me.com/ix/username/file

    I thought the only files you could access by URL (and VIEW in the browser, not just download) were files in the Public folder. However, you can view non-public (private) files with that URL above without having to sign in to an account.

    Comments? Is this new news or old news? Is this something that should be fixed (doesn't seem very secure) or is it not a big deal?

    Does this work for anybody else?
     
  2. thejadedmonkey macrumors 604

    Joined:
    May 28, 2005
    Location:
    Pa
    #2
    This is what I get

     
  3. cw2k7 macrumors member

    Joined:
    Jan 18, 2008
    #3
    That only works if you have previously signed in.

    If you have not signed in, it will just display a message saying "Unauthorized".

    If you have signed in and then logged out, previously viewed files might still get loaded from the browser cache. But if you refresh the page, it will reattempt the download and display the "Unauthorized" message.
     
  4. macbookairman thread starter macrumors 6502a

    Joined:
    Jan 15, 2008
    Location:
    United States
    #4
    How far back does a browser's cache go?

    I haven't logged into MobileMe lately, but I'm guessing the cache thing is what's happening.

    I guess this thread can be moved to the wasteland...
     
  5. southerndoc macrumors 6502a

    Joined:
    May 15, 2006
    Location:
    USA
