CAframer
SGF, Supreme Grumble Framer
Firstly the background:
Earlier today I inadvertently, and innocently, posted a link to a "secure" area of a vendor's website, enabling inappropriate access to a copyrighted document. The matter was quickly brought to my attention and the link was speedily removed.
Here's what happened:
I have legitimate access to the site in question, which is userid/password protected. Some time ago I had read this particular document. When I see something useful on the internet I often add it to my IE list of Favorites.
So when someone expressed an interest in this document I thought I had seen it, clicked on my list of IE Favorites, and up it popped. I had long forgotten that I had originally accessed the document through a secure site, and figured it was just normal internet material. So wanting to help someone I posted the link!
Loophole:
Clearly the material in question was not really secure. By having the URL (e.g. in this case from IE Favorites) it could be accessed directly, bypassing normal userid/password requirements.
So here's my suggestion for webmasters:
I'm sure it's easier said than done but if you have material that should only be accessed via a userid/password then security access should be required whenever that URL is accessed!
Once again my apologies for inadvertently sharing the URL in question, but also please be aware that it would not have occurred without the aforementioned loophole!
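The loophole described in the post above, shown as an added example that is not part of the original post or the vendor's site: a login check on the portal page only, beside a check on every request under the protected prefix. The paths, session id and document body are constructed for illustration.

```python
from http.cookies import SimpleCookie

SESSIONS = {"s3ss10n-constructed": "alice"}                   # constructed session store
DOCS = {"/secure/docs/manual.pdf": b"copyrighted manual"}     # constructed document

def _user(environ):
    """Return the logged-in user for this request, or None."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie["sid"].value if "sid" in cookie else None
    return SESSIONS.get(sid)

def weak_app(environ, start_response):
    """Only the portal page checks the login; a bookmarked document URL is served to anyone."""
    path = environ["PATH_INFO"]
    if path == "/secure/" and _user(environ) is None:
        start_response("302 Found", [("Location", "/login")])
        return [b""]
    if path in DOCS:                      # no session check on the document itself
        start_response("200 OK", [("Content-Type", "application/pdf")])
        return [DOCS[path]]
    start_response("404 Not Found", [])
    return [b""]

def strict_app(environ, start_response):
    """Every request under /secure/ is authenticated before anything is served."""
    path = environ["PATH_INFO"]
    if path.startswith("/secure/") and _user(environ) is None:
        start_response("302 Found", [("Location", "/login")])
        return [b""]
    if path in DOCS:
        # no-store keeps shared caches from replaying the document to other users
        start_response("200 OK", [("Content-Type", "application/pdf"),
                                  ("Cache-Control", "private, no-store")])
        return [DOCS[path]]
    start_response("404 Not Found", [])
    return [b""]

def fetch(app, path, cookie=""):
    """Call a WSGI app in-process and return (status code, body)."""
    seen = {}
    body = b"".join(app({"PATH_INFO": path, "HTTP_COOKIE": cookie},
                        lambda status, headers: seen.update(status=status)))
    return int(seen["status"].split()[0]), body
```

With no cookie, `fetch(weak_app, "/secure/docs/manual.pdf")` returns the document, while `strict_app` redirects the same request to the login page.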