We discovered a security flaw in SkyDrive.  User A can forward their SkyDrive Shared folder invite email to user B.  Then user B can open the link, sign up for a SkyDrive account, and view the Shared folder. This should not happen according to the SkyDrive Website, http://windows.microsoft.com/en-US/skydrive/change-access-permissions-faq:

 

“If you want recipients to sign in with a Microsoft account before they can view the file or folder, select Require everyone who accesses this to sign in. This also helps prevent other people who could be forwarded the email from being able to access your file or folder.”


How can I lock down the permissions so that only email addresses I invited can access my Share folder?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.