Subject: Re: [htdig] Search engine for private page
From: Geoff Hutchison (firstname.lastname@example.org)
Date: Wed Oct 25 2000 - 08:12:18 PDT
On Wed, 25 Oct 2000, Stephane Bortzmeyer wrote:
> As I understand it, there is no real security here: anyone can setup a
> form in a Web page which will call htsearch (not htsearch.pr) and this
> htsearch will be able to read the configuration file for the private
No, not really. But the form would be protected by password too, right?
If you want something more secure, you'd have to compile htsearch again,
setting a different DEFAULT_CONFIG_DIR, which would prevent the other
htsearch form entering that directory.
But as a side note, remember that if all of this is using HTTP instead of
HTTPS, a simple snooping attack will grab your passwords.
-- -Geoff Hutchison Williams Students Online http://wso.williams.edu/
------------------------------------ To unsubscribe from the htdig mailing list, send a message to email@example.com You will receive a message to confirm this. List archives: <http://www.htdig.org/mail/menu.html> FAQ: <http://www.htdig.org/FAQ.html>
This archive was generated by hypermail 2b28 : Wed Oct 25 2000 - 08:18:29 PDT