I works for a small IT news service. A large portion of our articles are in
directories protected using basic authentication. Recently, one of our
sales people was demoing our service and found that the person to whom they
were demoing could read the articles within the protected directories -
without having to enter a password.
After I checked and could find no accesses from the company (and indeed the
continent in question) during the time when the demo was taking place, I
asked if there was a cache in use. They told me that SQUID was being used.
Am I correct in thinking that SQUID has cached the page from an earlier
access by someone who does have a password, or am I barking up the wrong
tree here?
- Si
