Re: [htdig] Indexing proteted servers


Subject: Re: [htdig] Indexing proteted servers
From: Geoff Hutchison (ghutchis@wso.williams.edu)
Date: Thu Dec 02 1999 - 12:32:19 PST


At 2:03 PM -0600 12/2/99, Paul DuBois wrote:
>I was not, and saw no reason to make, that presumption, particularly
>since the question didn't specify whether or not the protected server
>was the poster's own.

Fair enough. But I'll say this--you had to get the name/password
combination that you're using for indexing. And if you're indexing
someone else's protected server *without* their consent, then IMHO
you've moved beyond the purely technical realm into the legal realm.

The poster asked if it could be done. Yes, it can.

You asked whether it would "essentially compromise security." My
answer, as I stated earlier, is no. You say the contents would be
"sitting about somewhere in an htdig database." You can very easily
secure the generated index, whether it's on the same server or not.

If you're saying "well you can index a protected server using an
unprotected server," you're right. But the program itself has no way
of knowing that and if you do such a thing, then it's the same as
browsing a protected server using an unprotected client and saving
files on an unprotected hard drive.

But that's not to say that there's something inherently insecure in
indexing a protected server or browsing a protected server.

Cheers,

-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/

------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig-unsubscribe@htdig.org
You will receive a message to confirm this.



This archive was generated by hypermail 2b28 : Thu Dec 02 1999 - 12:45:41 PST