Re: [htdig] Search engine for private page

Subject: Re: [htdig] Search engine for private page
From: Geoff Hutchison (
Date: Wed Oct 25 2000 - 08:12:18 PDT

On Wed, 25 Oct 2000, Stephane Bortzmeyer wrote:

> As I understand it, there is no real security here: anyone can setup a
> form in a Web page which will call htsearch (not and this
> htsearch will be able to read the configuration file for the private
> database?

No, not really. But the form would be protected by password too, right?

If you want something more secure, you'd have to compile htsearch again,
setting a different DEFAULT_CONFIG_DIR, which would prevent the other
htsearch form entering that directory.

But as a side note, remember that if all of this is using HTTP instead of
HTTPS, a simple snooping attack will grab your passwords.

-Geoff Hutchison
Williams Students Online

------------------------------------ To unsubscribe from the htdig mailing list, send a message to You will receive a message to confirm this. List archives: <> FAQ: <>

This archive was generated by hypermail 2b28 : Wed Oct 25 2000 - 08:18:29 PDT