Subject: Re: [htdig] Search engine for private page
From: Geoff Hutchison (ghutchis@wso.williams.edu)
Date: Wed Oct 25 2000 - 08:12:18 PDT

On Wed, 25 Oct 2000, Stephane Bortzmeyer wrote:
> As I understand it, there is no real security here: anyone can set up a
> form in a Web page which will call htsearch (not htsearch.pr) and this
> htsearch will be able to read the configuration file for the private
> database?

No, not really. But the form would be protected by password too, right?
If you want something more secure, you'd have to compile htsearch again,
setting a different DEFAULT_CONFIG_DIR, which would prevent the other
htsearch form entering that directory.

But as a side note, remember that if all of this is using HTTP instead of
HTTPS, a simple snooping attack will grab your passwords.

--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/