[nycphp-talk] next challenge
inforequest
1j0lkq002 at sneakemail.com
Wed Feb 23 16:21:19 EST 2005
Daniel Krook krook-at-us.ibm.com |nyphp dev/internal group use| wrote:
>>Silly but true story/word of caution:
>>
>>If you add a "delete record" button, be sure your admin page is
>>protected with a password and also add a robots.txt. A few years back, I
>>had an unprotected admin page (security through obscurity, heh!).
>>Googlebot found the page (linked from an automated daily web stats page)
>>and proceeded to spider all the [delete] links ultimately wiping out all
>>the records. Luckily I was able to restore from a nightly backup. It was
>>quite embarrassing to be owned by a search engine.
>
>Ha. I had the same thing happen to me... luckily it was just a prototype
>application though.
>
>I had cleverly attached JavaScript confirm()'s to the delete links which
>was pretty good at making it a two step process of deletion for users, but
>Google just plowed on through. :)
>
>Daniel Krook, Advisory IT Specialist - Application Development
>WW Web Production Services North 2, ibm.com
>1133 Westchester Avenue, White Plains, NY 10604
Great stories. Good examples for warning people about search engine
visits....
-=john
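
Both stories come down to deleting on a plain link, which is a GET request that any crawler will follow and that a JavaScript confirm() cannot guard. As an added example that is not part of the original thread, here is a PHP delete handler that only acts on an authenticated POST; the function name, session keys and the per-session form token are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. All names are hypothetical.
// Decide whether a delete request may proceed; returns an HTTP status code.
function handle_delete(string $method, array $session, array $post, callable $deleteRecord): int
{
    // Crawlers and link prefetchers issue GET/HEAD; never change state on those.
    if ($method !== 'POST') {
        return 405; // Method Not Allowed
    }
    // The admin action requires a logged-in admin, not an unguessable URL.
    if (empty($session['is_admin'])) {
        return 401;
    }
    // Assumed per-session token: the POST must come from a form this page rendered.
    $expected = (string)($session['csrf_token'] ?? '');
    $given    = $post['csrf_token'] ?? '';
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return 403;
    }
    // Validate the record id instead of trusting the request.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return 400;
    }
    $deleteRecord($id);
    return 303; // See Other: redirect back to the list after the POST
}

// Constructed sample requests against an in-memory "table".
$records = [1 => 'alpha', 2 => 'beta'];
$delete  = function (int $id) use (&$records): void { unset($records[$id]); };
$token   = bin2hex(random_bytes(16));
$admin   = ['is_admin' => true, 'csrf_token' => $token];

$cases = [
    'spider follows delete link (GET)' => ['GET',  [],     []],
    'anonymous POST'                   => ['POST', [],     ['id' => '1']],
    'admin POST without form token'    => ['POST', $admin, ['id' => '1']],
    'admin POST with form token'       => ['POST', $admin, ['id' => '1', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $session, $post]) {
    printf("%-34s -> %d\n", $label, handle_delete($method, $session, $post, $delete));
}
echo 'remaining record ids: ', implode(',', array_keys($records)), "\n";
```

In the admin page itself, the [delete] link becomes a small form with `method="post"` carrying the record id and the token, so a crawler has nothing to follow.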