On Feb 11, 2008, at 12:58 PM, Plüm, Rüdiger, VF-Group wrote:
The contents of the cache is not protected by any means. So I do not see a security issue here. Somemone who has access to one cache entity has access to all.
Agreed. But what I worry about is that you get some subtle interaction with some obscure header; which effectively is used by some site builder as implying certain access - or used, say, for ensuring that certain documents are only shown to, say, French people.
There is no doubt that this is 'wrong' on just about every level -- but given how careless some of the new web app frameworks are put to use - seems an easy/cheap thing to fix. Just not sure how.
Dw.
