[nycphp-talk] next challenge
Daniel Krook
krook at us.ibm.com
Wed Feb 23 11:13:45 EST 2005
> Silly but true story/word of caution:
>
> If you add a "delete record" button, be sure your admin page is
> protected with a password and also add a robots.txt. A few years back, I
> had an unprotected admin page (security through obscurity, heh!).
> Googlebot found the page (linked from an automated daily web stats page)
> and proceeded to spider all the [delete] links ultimately wiping out all
> the records. Luckily I was able to restore from a nightly backup. It was
> quite embarrassing to be owned by a search engine.
Ha. I had the same thing happen to me... luckily it was just a prototype
application though.
I had cleverly attached JavaScript confirm()s to the delete links, which
was pretty good at making it a two-step process of deletion for users, but
Google just plowed on through. :)
Daniel Krook, Advisory IT Specialist - Application Development
WW Web Production Services North 2, ibm.com
1133 Westchester Avenue, White Plains, NY 10604
Personal: http://info.krook.org/
Persona: http://w3.ibm.com/eworkplace/persona_bp_finder.jsp?CNUM=9A9796897
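Both posts describe the same failure: a delete action reachable from a plain GET hyperlink, guarded only by obscurity or a client-side confirm(), which a crawler never sees. The following is an added example, not code from the thread, of a PHP admin page that keeps the confirm() for users but moves the actual control server-side: it refuses unauthenticated sessions, only mutates state on POST, and checks a per-session CSRF token. The `admin_user` session key (set by a login page that is not shown), the SQLite file `records.db` and the `records` table are assumed placeholders.

```php
<?php
// Added example, not from the thread. Assumes a login page has already set
// $_SESSION['admin_user']; the SQLite file and `records` table are constructed here.
session_start();
$pdo = new PDO('sqlite:records.db');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE IF NOT EXISTS records (id INTEGER PRIMARY KEY, title TEXT)');

// Deny unauthenticated callers outright; an unlinked URL and robots.txt are not access control.
if (empty($_SESSION['admin_user'])) {
    http_response_code(403);
    exit('Forbidden');
}

// One CSRF token per session, embedded in every delete form rendered below.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Crawlers follow GET links but do not submit forms, and another origin
    // cannot supply a valid token, so a GET to this page never deletes anything.
    $token = $_POST['csrf_token'] ?? '';
    if (!hash_equals($_SESSION['csrf_token'], $token)) {
        http_response_code(400);
        exit('Bad token');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad id');
    }
    $stmt = $pdo->prepare('DELETE FROM records WHERE id = :id');
    $stmt->execute([':id' => $id]);
    header('Location: ' . $_SERVER['PHP_SELF'], true, 303); // redirect after POST so reload does not repeat it
    exit;
}

// GET only renders the list; each delete is a form, not a hyperlink a spider can follow.
header('Cache-Control: no-store');
header('X-Robots-Tag: noindex, nofollow'); // keeps well-behaved bots away, but is not the control
$rows = $pdo->query('SELECT id, title FROM records ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    $title = htmlspecialchars($row['title'] ?? '', ENT_QUOTES, 'UTF-8');
    $tok   = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');
    printf('<form method="post" onsubmit="return confirm(\'Delete record %d?\')">', $row['id']);
    printf('%s <input type="hidden" name="id" value="%d">', $title, $row['id']);
    printf('<input type="hidden" name="csrf_token" value="%s">', $tok);
    echo '<button type="submit">Delete</button></form>';
}
```

The confirm() still gives users the two-step experience the post describes, but a client that skips it (a crawler, or curl) is stopped by the method check, the session check and the token, not by the dialog.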