On 18/08/2006, at 12:56 PM, Deryck Hodge wrote:
> > > I know I'm missing something obvious, but why is this a problem? It's > not like the default, well-documented admin location isn't /admin/ on > a Django site. I not trying to be a smart aleck or critical. I'm > really curious what I'm missing. Why does it matter that a search > engine knows where the admin page is? while *you* might know just by looking at a site that is written in django, bots might not. lets say there was a security problem in django where it didn't handle a specific HTTP request (say SQL injection for example) using these searches I can get a list of sites I could potentially own. this is how various worms spread in the past. they did a google search for a specific 'feature' and then with a known vulnerability in hand, they would attack that site, put their worm on it, and repeat. that is one example on why it could be bad. there are others I could think of but I'm not going to mention them. > > Cheers, > deryck > > -- > Deryck Hodge http:// > www.devurandom.org/ > Web Developer, Naples News http://www.naplesnews.com/ > Samba Team http:// > www.samba.org/ > -- Ian Holsman [EMAIL PROTECTED] http://VC-chat.com It's what the VC's talk about --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
