PassMark Logo
Home » Forum

Announcement

Collapse
No announcement yet.

Protected pages but public index

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Protected pages but public index

    Hi,

    Just bought the pro version of zoom for our latest project and we're well happy with it.

    Just one question, not a bug or anything but just seeking some clarity/reassurance....

    The site contains 12,000 pages. Each page is password protected and requires a user to register and/or log in (for a small fee). We know how to index a protected site so no problem there.

    However we want to make the index public, ie available to non members so they can search and see the results. Clicking on the link takes them to the page but all it shows is a login/register page. Again, we think we've got his sorted.

    My question is - by making the search results publically visible, can non-members access or piece together the protected data in any realistic way, either by specific search terms or by accessing the actual index datafile directly?

    Regards,
    Ade.

  • #2
    It would be a hard job to piece together the page from the data files. Even if you did you would be missing all formatting (fonts, colours, layout, tables, lists, etc..) and you would be missing all the images and hyperlinks.

    It is not impossible however.

    It you are really worried about this possibility you could redirect web access to the the raw data files. i.e. prevent the files being accessed via a URL, but still allow access via the file system. This could be done using the .htaccess file if you are using Apache. This would stop everyone except the most dedicated hacker, or a company insider (which is always the greatest risk).

    Then you have the issue of accessing content through the search script. If you have context results turned on, then this is also possible. You could grab a few words at a time and slowly piece them together. It would be slow and time consuming, but not impossible. If this is a big issue you'll need to turn off context results in Zoom. If the information you are trying to protect is just a couple of sentences, then you need to turn it off. If you are trying to protect a 100 page document, giving away a few words at a time is not much of a risk.

    ----
    David

    Comment


    • #3
      Thanks for the quick reply David.

      I was hoping you'd say something along the lines you have. I think the risk will be acceptable to us - the fee to register isn't going to be very high and since we're talking about 12000+ pages the effort to get just a few pages without registering wouldn't be worth it for the majority.

      It'd certainly be offset by those who would register because of seeing the results from the searches.

      Zoom really is an excellent product - keep up the excellent work!

      Ade.

      Comment

      Working...
      X