According to Anton Mc Kee:
> I have tried this <input type="hidden" name="restrict" 
> value="http://product1.domain.com">
> 
> however I still get results from the other web servers. Which if I did have 
> an intranet would be a big mistake as even the mere names on files would be 
> enough to breach security.

I can't see anything wrong with the way you're using restrict above.
I don't know why it's not working.  Are you sure there are no typos
in the form, in that tag or elsewhere?  Is the tag between the <form>
and </form> tags?  Does the restrict value show up in URLs in the page
list at the bottom of search results?

Anyway, you can't rely on the restrict field, even once you get it
working, as a means of security.  Any CGI input parameter can be easily
overridden by the user.  If your database contains sensitive information,
you should hide it away on a secure site, accessible only by those who
are authorized.  What's to stop users from entering an URL like this
into their browser's location window?

   http://product1.domain.com/cgi-bin/htsearch?restrict=&words=confidential

Even if the matching documents themselves are on a secure site, htsearch
will happily report excerpts from them in the search results if the
secure documents are indexed in an unsecured database.

-- 
Gilles R. Detillieux              E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930
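
An added example, not part of the original message and not ht://Dig code: it shows why the hidden restrict field controls nothing, and how a front end can discard the client's value and pin restrict on the server instead. The host-to-prefix map, the allowlist of client parameters and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: server-side map from virtual host to the only URL prefix
# its searches may report. product1 is the host used in the thread.
RESTRICT_BY_HOST = {
    "product1.domain.com": "http://product1.domain.com",
    "product2.domain.com": "http://product2.domain.com",  # constructed
}

# Assumption: the only parameters a visitor is allowed to control.
CLIENT_ALLOWED = {"words", "page"}


def effective_restrict_untrusted(query_string):
    """Restrict value seen when the form field is trusted: the client's wins."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    return params.get("restrict", "")


def rebuild_query(host, query_string):
    """Drop parameters the client may not set, then pin restrict server-side."""
    host = host.lower().split(":")[0]  # ignore any :port suffix
    if host not in RESTRICT_BY_HOST:
        raise ValueError("unknown virtual host: %r" % host)
    kept = [(k, v)
            for k, v in parse_qsl(query_string, keep_blank_values=True)
            if k in CLIENT_ALLOWED]
    kept.append(("restrict", RESTRICT_BY_HOST[host]))
    return urlencode(kept)


if __name__ == "__main__":
    # The URL from the message above: the user blanks out restrict by hand.
    url = ("http://product1.domain.com/cgi-bin/htsearch"
           "?restrict=&words=confidential")
    parts = urlsplit(url)
    print("trusted form value :", repr(effective_restrict_untrusted(parts.query)))
    print("rebuilt server-side:", rebuild_query(parts.netloc, parts.query))
```

Pinning the value this way only helps if the search CGI cannot be reached except through such a front end. It does not replace the advice above to keep sensitive documents in a database on a secured site.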
