Fix the following security issue on OneDrive
The file download links in the browser download history works after the user signs out of their Microsoft account. It looks like...the file download does not require user authentication.
Consider this situation.....
I am using a public PC. I login, download a personal file. Read it, delete the file permanently from the hard drive, logout and leave.
Now some anonymous person uses the same PC. He can go to browser file download history. Of course the file is not in the PC Hard Drive any more. But if he clicks on the link in the download history, the file downloads.
I am a .Net developer. Hire me and I will fix it :-D
Mohsin Alam
shared this idea
4 comments
-
Ádám Sipos
commented
Can't believe this issue is still open after nearly 2 years. Votes added..
-
Anonymous
commented
Go Head. Hire him2
-
Mohsin Alam
commented
Agree!
Yes there are workarounds. And of course I do not have any sensitive data in my OneDrive. But still this a major security issue from such a trusted software giant like MS. I tried the same on Dropbox and Google drive. They seem to work fine by asking user authentication.
By the way, on OneDrive the link in the download history seems to work for about half hour or so. After that its safe. -
Johan Appelgren
commented
Workaround is to use incognito mode/in-private browsing.
If you have really sensitive documents it is probably not a good idea to sign in to your microsoft account on a public computer at all, you never know what kind of spyware, keyloggers or monitoring tools are running on the machine.
