Subject: [htdig] excluding, but only in searching
From: Kirby Vandivort (firstname.lastname@example.org)
Date: Thu Feb 10 2000 - 14:58:16 PST

We have a site with a particular directory whose access is restricted
to people who are logging in from within our subnet. We put sensitive
things here that we don't want others to see. My question is this:

Is there some way that I can create one database for our site and have
both on site and off site users be able to use it WITHOUT coding an
'exclude' in the form html. The 'exclude' option, while perfect for
some things, doesn't offer much security. I figure it would be easy
enough for a person to view the source, realize that directory X has
been excluded, write their own html form that doesn't exclude X, and be
able to pull up summaries of the files that we have in directory X.

(We have MANY directories (which are constantly changing, etc. which
ARE available for offsite perusal, which makes 'restrict' impossible to

Ideally, we would have two config files, and exclude our private
directory in one of them, and have the offsite search form use this
config file. The onsite search form could specify a different config
file that doesn't have the same exclusion.

In addition, is there any way to check the HTTP_REFERER to require that
a search be started from a particular URL? That would solve problems

Kirby Vandivort                      Theoretical Biophysics Group
Email: email@example.com             3051 Beckman Institute
http://www.ks.uiuc.edu/~kvandivo/    University of Illinois
Phone: (217) 244-5711                405 N. Mathews Ave
Fax  : (217) 244-6078                Urbana, IL 61801, USA
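
One way to realize the two-config idea from the message above, as an added example that is not part of the original post and is not ht://Dig code: a wrapper in front of htsearch decides the config from the client address the web server reports, and discards any `config`, `exclude` or `restrict` value sent by the browser. The subnet, the config names `onsite` and `offsite`, and both function names are assumptions made for illustration. The decision uses the connection address rather than the Referer header because the Referer, like the form fields, is supplied by the client.

```python
import ipaddress
from urllib.parse import parse_qsl, urlencode

# Assumptions for this example (none of these values come from the post):
ONSITE_NET = ipaddress.ip_network("192.0.2.0/24")  # placeholder for the local subnet
ONSITE_CONFIG = "onsite"    # hypothetical config whose database covers everything
OFFSITE_CONFIG = "offsite"  # hypothetical config that leaves out directory X

# htsearch form inputs that the server, not the browser, must decide here.
SERVER_CONTROLLED = {"config", "exclude", "restrict"}


def choose_config(remote_addr):
    """Pick the config name from the client address (CGI REMOTE_ADDR).

    Anything that is not a valid address inside ONSITE_NET gets the
    restricted config, so a parsing failure never widens access.
    """
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return OFFSITE_CONFIG
    return ONSITE_CONFIG if addr in ONSITE_NET else OFFSITE_CONFIG


def build_query(remote_addr, query_string):
    """Return the query string to hand to htsearch.

    Client-supplied copies of the server-controlled inputs are dropped,
    then the server-chosen config is appended as the only 'config' value.
    """
    pairs = [
        (key, value)
        for key, value in parse_qsl(query_string, keep_blank_values=True)
        if key.lower() not in SERVER_CONTROLLED
    ]
    pairs.append(("config", choose_config(remote_addr)))
    return urlencode(pairs)


if __name__ == "__main__":
    # Constructed sample requests: one from inside the subnet, one from outside
    # that tries to select the unrestricted config itself.
    print(build_query("192.0.2.17", "words=budget&exclude="))
    print(build_query("203.0.113.9", "words=budget&config=onsite"))
```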
This archive was generated by hypermail 2b28 : Thu Feb 10 2000 - 15:00:46 PST