Google is getting into your private files. If you're storing your archives and passwords in the web root, you're in for a big surprise.

Will Google end up facing legal action?

As many sites run commercially licensed software, Google Code Search is able to crawl the archives and read unparsed PHP files as if they were plain text. This has resulted in the disclosure of some sensitive information including MySQL passwords and SMTP credentials. The potential for future abuse is great if nothing is done now.

What do you do if you're using open source software?


  • Never store a backup or archived version of your website in a web server's publicly readable directories.
  • Do not leave files that you do not want to be read/indexed/searched/downloaded in the web root.
  • If it is absolutely necessary, have your hosting provider disable directory index generation for that directory.
  • Password protect directories that contain sensitive information.
  • Use .htaccess
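
To check a site against the list above, the following added example (not from the original post) walks a web root and reports archives, backup copies, and PHP source that the server would send as plain text. The extension lists, the credential pattern, and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed extension lists; extend them for your own stack.
ARCHIVE_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".bz2", ".7z", ".rar", ".sql")
BACKUP_EXT = (".bak", ".old", ".orig", ".save", ".swp", "~")
PARSED_EXT = (".php", ".phtml")  # assumed to be executed by the server, not sent as text
SECRET_RE = re.compile(rb"(password|passwd|pwd|smtp_pass|db_pass)\w*['\"\]\s]*(=>|=)", re.I)


def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for files that do not belong in the web root."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel, lower = path.relative_to(root).as_posix(), path.name.lower()
        if lower.endswith(ARCHIVE_EXT):
            findings.append((rel, "archive"))
        elif not lower.endswith(PARSED_EXT):
            # Anything not handed to the interpreter is served verbatim to crawlers.
            with path.open("rb") as fh:
                head = fh.read(65536)  # the first 64 KiB is enough for a config file
            if b"<?php" in head:
                hit = SECRET_RE.search(head)
                findings.append((rel, "php-source-with-credentials" if hit else "php-source"))
            elif lower.endswith(BACKUP_EXT):
                findings.append((rel, "backup"))
    return sorted(findings)


def build_sample(root):
    """Write a constructed sample tree (not from any real site) under root."""
    files = {
        "index.php": b"<?php echo 'hello'; ?>",
        "config.php.bak": b"<?php $db_password = 'example-only'; ?>",
        "includes/mail.inc": b"<?php $smtp_host = 'localhost'; ?>",
        "notes.txt~": b"todo list",
        "site-backup.tar.gz": b"constructed placeholder bytes",
    }
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_webroot(tmp), sep="\n")
```

Every path it reports should be moved out of the web root or placed behind access control, as the list recommends.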