
Searching security holes

Archive - Originally posted on "The Horse's Mouth" - 2005-04-04 07:33:18 - Graham Ellis

You'll see from my post earlier this morning that I've added some "Out and about in Wiltshire" pages to our shared data system (also known as a "wiki") on this site. And, I thought, "what better opportunity than to extend our site's search engine to include the database of information in that system?"

But wait. Our shared data system includes not only "public editable" and "public facing" pages, but also pages that are marked "internal only" and are only readable by members of the Well House Consultants team. A search engine that would simply search the database for the desired term wouldn't be sufficient - the search system is another door (a back door) to the data and it needs to be (and has been) secured as appropriate.

Why am I posting this "tip"? Because it's something that authors of search facilities often overlook; I know of various web resources which aren't directly accessible to me, but which I can retrieve information from through search facilities without (or with poor) security. Often, I'll let the web site owner know they've got a problem if I find one of these ... but I do have the feeling that some folks aren't all that concerned about their security. Certainly the holes often remain.
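The search-as-back-door problem described above, shown as an added example that is not part of the original post or the site's own code. The page store, the `can_read` rule, the function names and the sample pages are all assumptions constructed for illustration; only the three visibility labels come from the post.

```python
from dataclasses import dataclass

# Visibility labels taken from the post; everything else here is constructed.
PUBLIC_EDITABLE = "public editable"
PUBLIC_FACING = "public facing"
INTERNAL_ONLY = "internal only"

@dataclass(frozen=True)
class Page:
    title: str
    body: str
    visibility: str

# Constructed sample pages standing in for the wiki database.
PAGES = [
    Page("Out and about in Wiltshire", "Walks along the canal towpath.", PUBLIC_EDITABLE),
    Page("Course schedule", "Public dates for the canal-side centre.", PUBLIC_FACING),
    Page("Team notes", "Supplier pricing for the canal-side centre.", INTERNAL_ONLY),
]

def can_read(page, is_team_member=False):
    """Single access rule shared by page display and search; denies by default."""
    return page.visibility != INTERNAL_ONLY or is_team_member

def view_page(title, is_team_member=False):
    """Front door: direct page access, permission-checked."""
    for page in PAGES:
        if page.title == title:
            if not can_read(page, is_team_member):
                raise PermissionError(title)
            return page.body
    raise KeyError(title)

def _matches(page, term):
    return term.lower() in (page.title + " " + page.body).lower()

def search_naive(term):
    """Back door: scans every row, so internal titles and snippets leak."""
    return [(p.title, p.body) for p in PAGES if _matches(p, term)]

def search_secured(term, is_team_member=False):
    """Apply can_read() before matching, so hits, snippets and hit counts
    never reveal a page that view_page() would refuse to show."""
    return [(p.title, p.body) for p in PAGES
            if can_read(p, is_team_member) and _matches(p, term)]
```

Filtering before matching matters: filtering only the displayed results while still reporting a total hit count would let a visitor confirm which terms appear in internal pages.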