Re: [htdig] Search engine for private page


Subject: Re: [htdig] Search engine for private page
From: Geoff Hutchison (ghutchis@wso.williams.edu)
Date: Wed Oct 25 2000 - 08:12:18 PDT


On Wed, 25 Oct 2000, Stephane Bortzmeyer wrote:

> As I understand it, there is no real security here: anyone can set up a
> form in a Web page which will call htsearch (not htsearch.pr) and this
> htsearch will be able to read the configuration file for the private
> database?

No, not really. But the form would be protected by password too, right?

If you want something more secure, you'd have to compile htsearch again,
setting a different DEFAULT_CONFIG_DIR, which would prevent the other
htsearch form entering that directory.

But as a side note, remember that if all of this is using HTTP instead of
HTTPS, a simple snooping attack will grab your passwords.

--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/




This archive was generated by hypermail 2b28 : Wed Oct 25 2000 - 08:18:29 PDT