iDisk URL's? (security risk?)

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by macbookairman, Feb 20, 2009.

  1. macbookairman macrumors 6502a

    Jan 15, 2008
    United States
    I'm not sure if this is something people on here know about, but i just discovered that you can access an iDisk file in ALL folders of the iDisk (Not just the Public folder) by typing in this url:

    I though the only files you could access by URL (and VIEW in the browser, not just download) were files in the public folder. However, you can view non public (private) files with that URL above without having to sign in to an account.

    Comments? Is this new news or old news? Is this something that should be fixed (doesn't seem very secure) or is it not a big deal?

    Does this work for anybody else?
  2. thejadedmonkey macrumors 604


    May 28, 2005
    this is what I get

  3. cw2k7 macrumors member

    Jan 18, 2008
    That only works if you have previously signed in.

    If you have not signed in it will just display a message saying "Unauthorized"

    If you have signed in then logged out previously viewed files might still get loaded from the browser cache. But if you refresh the page it will reattempt the download and display the "Unauthorized" message.
  4. macbookairman thread starter macrumors 6502a

    Jan 15, 2008
    United States
    how far back does a browsers chache go?

    I haven't logged into MobileMe lately, but I'm guessing the cache thing is whats happening.

    I guess this thread can be moved to the wasteland...
  5. southerndoc macrumors 65816


    May 15, 2006

Share This Page