Dave, Thanks for the reply. I guess I first should've gone and checked to see what 'web accelerator' was, and then I might have understood. I guess my main question now is: what is considered the "best" antidote for such a problem. Since I didn't know what it was, I obviously don't use web accelerator, but I can see how someone else using my sites might be. I generally use forms for such things, but have probably used links at one time or another. Is a forms solution safe?
Thanks, Matt -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 10, 2006 10:46 AM To: CF-Talk Subject: RE: Strange security problem with googlebot > Hmmmmmm... okay, so the issue that is being referred to here is when > the login check is handled AFTER that link is displayed? I guess I'm > still a bit confused, because I can't understand a) why any such link > would be displayed to anyone (or any bot) without them first being > logged-in and having the appropriate credentials, and b) how a bot > would get past a login/credential check. It wasn't, and didn't. The original poster had Google Web Accelerator installed, which is basically a browser plug-in that prefetches pages for you. If you're logged in, it's logged in. The original poster was logged in, and went to a page that contained all these links that would trigger database changes, etc, and the Web Accelerator requested them all because that's what it's supposed to do. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:256125 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
