Hiding pages is not security
Tuesday July 1, 2008
It can be somewhat difficult to find effective ways to protect pages and images on websites. Many beginning designers like to hide their pages and think that if they don't link to the pages, they won't be found by search engines or competitors. But search engine spiders are very good at finding things on Web pages unless you either block the spiders from indexing it with a robots.txt file or you prevent access to it with an htaccess file or other password protection scheme.
Comments
‘Private’ or client-sensitive information is frequently passed between Cadre and our clients. Your recommendations are pretty good but as a practice we use a combination of ZIP and PGP so that our clients can download sensitive information and review it locally. In our opinion, nothing less is really secure. Uploaded data from our clients are zipped with password protection.
This is very true. When I was first starting out I tried to develop a PHP content management system (very basic) online and thought that if I had no links to index pages and used obscure URLs I would be safe for a little while at least.
Within three days my forms had been found and my database filled with spam, despite the fact it was a newly registered domain with no traffic and no inbound links.
Password protect and encrypt everything. Nothing is sacred in cyberspace.