Hi, Sergiu! -- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Sergiu Dumitriu [[email protected]] Sent: 13 February 2012 18:59 To: XWiki Users Subject: Re: [xwiki-users] security breach? On 02/13/2012 11:47 AM, [email protected] wrote:
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
This should not happen from XWiki. Do you have any other proxies, frontends, or even a simple browser cache that is serving the file without asking XWiki for it?
The only explanation is a cache... but how a robot is able to index a PDF this way? I'm not able to reproduce it though... Please, could access the file listed as freely accessible in my previous message in this thread? Thanks!!!
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm