On Wed, Apr 29, 2009 at 12:27:41PM -0700, Steve Pirk wrote: > So, Microsoft has implemented a squid like server as part of their gateway > solution for office connections to the net. If done correctly, sould be > safe enough, no?
Well...I'm not so sure. I mean, if we grant the "done correctly" part for the sake of argument, it sounds to me like a file F requested by user A on system X may be cached on system Y used by user B, even if user B does not have the appropriate permissions for file F. If that's the case, and it may not be, then a security issue with system Y or user B could expose file F. Is this how others are reading it? ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
