n3td3v wrote:
Today's disclosure involves Google and Yahoo search engines: All you need to do is put in the code to a web page, when Google and Yahoo visit it, then the code exploits the software they use and makes them start caching 'other' pages. Including 'no index' pages, where sites have setup a robot text file on their server to protect corporate and consumer interests.
I think you missed the concept here. Whatever is on the webservers and is available to the public is... well... available to the public.
It does not help security matters to introduce a robots.txt - the purpose of this directives file is not to secure something but to reduce traffic and keep irrelevant content out of search engines.
If you need security, you introduce some kind of authentication *before* access is allowed to sensitive data. You will find that a sign reading "Do not enter and do not steal any gold" will not help much at the Fort Knox entrance if it is the only security measure.
Denis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/