Rob's Blog

Postings from the world of Rob Ferrer

A warning to webmasters: don’t rely on secret URLs

March 26, 2009 | 6:52 pm

I’m sure I’m not alone in creating administration pages for websites that are under development, and relying on the fact the URL is unknown to keep them private (until the site is launched of course).

I currently have a large project under development, which has a number of administration functions that are executed by visiting a certain URL (in this case refreshing product information and wiping cache tables). I got a call from the customer telling me that the cache kept disappearing without him running the function, and I knew I hadn’t.

After checking my code, and looking at the data to check if the data really was missing, I decided to check the Apache access logs.

A quick grep told me that the admin URL had been accessed, not by me or the customer, but by Alexa! This had caused the cache to be wiped (correctly as it turns out, since that was what it was meant to do).

I have a Firefox plugin on my main office PC that tells me the Alexa rating of any sites I visit. Clearly they also spider any URLs they don’t know about!

I quickly added password protection to the admin pages, and will make sure it’s the first thing I do in future. I don’t think (I hope) that they are publicising these private URLs, but visiting them is bad enough. I will of course be removing the Alexa plugin when I get back to the office.
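The access-log check described above, written out as an added example (not code from this post): it scans Apache combined-format log lines for admin requests that were served without authentication to addresses other than the developer's and the customer's. The `/admin/` prefix, the URL names, the IP addresses and the sample log lines are all constructed assumptions.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

ADMIN_PREFIX = "/admin/"                   # assumption: where the admin functions live
KNOWN_IPS = {"192.0.2.10", "192.0.2.20"}   # assumption: developer and customer addresses

# Constructed sample lines (documentation IP ranges, hypothetical URLs).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Mar/2009:09:14:02 +0000] "GET /admin/wipe-cache HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Windows; U) Firefox/3.0.7"
203.0.113.5 - - [26/Mar/2009:11:40:51 +0000] "GET /admin/wipe-cache HTTP/1.1" 200 312 "-" "ia_archiver"
203.0.113.5 - - [26/Mar/2009:11:41:07 +0000] "GET /products/42 HTTP/1.1" 200 5120 "-" "ia_archiver"
198.51.100.7 - - [27/Mar/2009:08:02:13 +0000] "GET /admin/wipe-cache HTTP/1.1" 401 401 "-" "ia_archiver"
192.0.2.20 - rob [27/Mar/2009:08:30:00 +0000] "GET /admin/refresh-products HTTP/1.1" 200 87 "-" "Mozilla/5.0"
"""

def unexpected_admin_hits(log_text, prefix=ADMIN_PREFIX, known_ips=KNOWN_IPS):
    """Return (time, ip, path, agent) for admin requests from unknown
    addresses that were served (2xx/3xx) with no authenticated user,
    i.e. cases where only the secrecy of the URL stood in the way."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue  # unparseable line or not an admin URL
        served = m["status"][0] in "23"     # a 401/403 means access control held
        anonymous = m["user"] == "-"        # no HTTP auth user was logged
        if m["ip"] not in known_ips and served and anonymous:
            hits.append((m["time"], m["ip"], m["path"], m["agent"]))
    return hits

if __name__ == "__main__":
    for hit in unexpected_admin_hits(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

The fourth sample line shows the same crawler request after password protection is in place: it gets a 401 and is not reported.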

Categories
Uncategorized
Tags
Alexa, Post a Day, web, Web Development