Yes, but I thought this depended on a file in the cache that had been
retrieved over an unauthenticated connection.
Lookup won't put a file in the cache.
Jeffrey Altman wrote:
Kim Kimball wrote:
If I abandon use of system:anyuser, except for lookup, does that get the
job done?
It seems to me that this forces all connections capable of fetching data
to be authenticated. If I'm reading the alert correctly, this would
prevent FetchStatus exploit?
Kim
Lookup is performed via FetchStatus
Jeffrey Altman
begin:vcard
fn:Dexter 'Kim' Kimball
n:Kimball;Dexter
email;internet:[EMAIL PROTECTED]
tel;work:970-207-1474
tel;fax:866-514-9676
tel;home:970-215-6359
tel;cell:818-726-6392
x-mozilla-html:TRUE
version:2.1
end:vcard
