Securing Zoom Search Engine Interface


  • Securing Zoom Search Engine Interface

    I'm using CakePHP MVC as my intranet web interface. I have several "offline mode" folders indexed via Zoom Search Engine. These folders require user/group authentication because of the proprietary nature of the files. I am able to provide authentication to the Zoom Search interface via passing a SessionID through the command line. I can then modify the search.php file to look up the session and validate that the user associated with the session has the credentials to view the indexed files.

    I could write a PHP wrapper around a CGI to perform a similar function. The problem with doing this is that the security can be bypassed by calling search.cgi directly.

    Any suggestions on securing a CGI version of Zoom Search Engine?


    The world is a dangerous place to live, not because of the people who are evil, but because of the people who don't do anything about it.

    Albert Einstein

  • #2
    You could put a redirect in your .htaccess file to prevent direct CGI access (and maybe redirect the request back to the PHP script).

    But if the call to the CGI script is hidden in the PHP script, is anyone going to guess that a CGI script even exists, then guess the name of the script?
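
One way to build the PHP wrapper discussed in this thread so that search.cgi cannot be requested directly, as an added example that is not code from either poster, PassMark, or CakePHP. It assumes the CGI binary has been moved outside the web root; the path, the group name, and the `$_SESSION['groups']` layout are hypothetical stand-ins for the intranet's real session lookup.

```php
<?php
// Added example: not code from the thread, PassMark, or CakePHP.
// Assumptions: search.cgi has been moved out of the web root to ZOOM_CGI,
// and the intranet login stores the user's groups in $_SESSION['groups'].
declare(strict_types=1);

const ZOOM_CGI      = '/opt/zoom/offline/search.cgi'; // hypothetical path
const ALLOWED_GROUP = 'offline-docs';                 // hypothetical group

session_start();

// 1. Authorise before the CGI is ever started.
$groups = $_SESSION['groups'] ?? [];
if (!is_array($groups) || !in_array(ALLOWED_GROUP, $groups, true)) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Build a minimal CGI environment from this request. The argv-array form
//    of proc_open() (PHP 7.4+) starts the binary without a shell, so the
//    query string is never interpreted as a command.
$env = [
    'GATEWAY_INTERFACE' => 'CGI/1.1',
    'REQUEST_METHOD'    => 'GET',
    'QUERY_STRING'      => $_SERVER['QUERY_STRING'] ?? '',
    'SCRIPT_NAME'       => $_SERVER['SCRIPT_NAME'] ?? '',
];
$pipes = [];
$proc  = proc_open([ZOOM_CGI], [1 => ['pipe', 'w']], $pipes, dirname(ZOOM_CGI), $env);
if (!is_resource($proc)) {
    http_response_code(500);
    exit('Search is unavailable');
}
$raw = (string) stream_get_contents($pipes[1]);
fclose($pipes[1]);
$status = proc_close($proc);

// 3. A CGI prints headers, a blank line, then the body. Drop its headers
//    and return only the body under the wrapper's own Content-Type.
$parts = preg_split('/\r?\n\r?\n/', $raw, 2);
if ($status !== 0 || !isset($parts[1])) {
    http_response_code(502);
    exit('Search failed');
}
header('Content-Type: text/html');
echo $parts[1];
```

If the CGI has to stay inside the web root, this wrapper only protects requests that go through it, so the web server must still refuse direct requests for search.cgi as suggested in #2.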
