I'm not sure what the developers were thinking over at MS when they programmed this, but the fact that anyone (in the same domain or access to the SharePoint Server) can view everything in any user's My Site website is quite sad.
For example, I can go into a colleagues site and view everything. Unless specific permissions were set up, it is all open.
The default security setting is "NT AUTHORITY/Authenicated Users".
So word of advice to anyone using My Site, you'll want to change your security settings right away.
No comments:
Post a Comment