iDisk URL's? (security risk?)

[macbookairman]

I'm not sure if this is something people on here know about, but i just discovered that you can access an iDisk file in ALL folders of the iDisk (Not just the Public folder) by typing in this url:

http://www.me.com/ix/username/iDisk/Folder/file
or
http://www.me.com/ix/username/file

I though the only files you could access by URL (and VIEW in the browser, not just download) were files in the public folder. However, you can view non public (private) files with that URL above without having to sign in to an account.

Comments? Is this new news or old news? Is this something that should be fixed (doesn't seem very secure) or is it not a big deal?

Does this work for anybody else?

 

[thejadedmonkey]

this is what I get

Account Error: Inactive

 

[cw2k7]

That only works if you have previously signed in.

If you have not signed in it will just display a message saying "Unauthorized"

If you have signed in then logged out previously viewed files might still get loaded from the browser cache. But if you refresh the page it will reattempt the download and display the "Unauthorized" message.

 

[macbookairman]

how far back does a browsers chache go?

I haven't logged into MobileMe lately, but I'm guessing the cache thing is whats happening.

I guess this thread can be moved to the wasteland...

 

[southerndoc]

I got an unauthorized error.