Ok but permissions locally on each mail box or on the entire storage box -----Original Message----- From: Taylor, George [mailto:gtaylor@xxxxxxxx] Sent: Thursday, February 09, 2006 1:08 PM To: [ExchangeList] Subject: [exchangelist] RE: Outlook On The Web Security Risk!!! http://www.MSExchange.org/ Mailbox permissions -----Original Message----- From: Phil Marano [mailto:pmarano@xxxxxxxx] Sent: Thursday, February 09, 2006 10:53 AM To: [ExchangeList] Subject: [exchangelist] Outlook On The Web Security Risk!!! http://www.MSExchange.org/ Does anyone know how to prevent users once they are logged into their mail account via the web client from adding another users email account name to the end of the current web address and viewing that persons mailbox? (ie: http://mail.yourdomain.com/exchange/jdoe <---- adding a users account name to then of the /exchange/ directory will allow that person to view anyone mailbox.) This is exchange 2003 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: gtaylor@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx ***Note: The information contained in this message, including any attachments, may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the Sender immediately by a "reply to sender only" message and destroy all electronic or paper copies of the communication, including any attachments. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: pmarano@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx