Cached mode security issue

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

When I set up Outlook 2003 in cahced mode, but still require a
username/password on the profile I notice an issue that is a show stopper in
our environment. Even if you clikc cancel on the logon, Outlook will show the
contents of the "cached file" - in other words, my requiring a
username/password is worthless - my mail is available to anyone who attempts
to open Outlook.

This issue is even bigger on machines used by multiple users - in that case
it shows the content of the last person to login - as a matter of fact, that
content will appear *behind* the request for username/-password - so any
clutz can figure out how to view the other user's mail...

Any thoughts would be appreciated.
 
That is how it should work indeed. The "security" you are talking about is
the login credentials to the Exchange server to collect NEW e-mail. Cached
e-mails are stored locally on the computer so you don't require login
credentials to the Exchange server to read them, just login credentials for
the computer user account that is storing the cache. So either don't use
cached mode if you are sharing computer login credentials and not Exchange
login credentials or use separate computer login credentials and keep them
private.

--
Robert Sparnaaij [MVP-Outlook]
www.howto-outlook.com

Tips of the month:
-FREE tool; QuickMail. Create new Outlook items anywhere from within Windows
-Properly back-up and restore your Outlook data

-----
When I set up Outlook 2003 in cahced mode, but still require a
username/password on the profile I notice an issue that is a show stopper in
our environment. Even if you clikc cancel on the logon, Outlook will show
the
contents of the "cached file" - in other words, my requiring a
username/password is worthless - my mail is available to anyone who attempts
to open Outlook.

This issue is even bigger on machines used by multiple users - in that case
it shows the content of the last person to login - as a matter of fact, that
content will appear *behind* the request for username/-password - so any
clutz can figure out how to view the other user's mail...

Any thoughts would be appreciated.
 
Back
Top