Two possibilities:
1) Google does a TCP Quesry for all permutations of directories for ever
site it crawls (unlikely)
2) The browser of a user of that flat file reported a "referrer" URL to
Google when the user left the flat file and landed on a Google page. I
believe browsers usually report a referral only when a link from the
original page is provided, but that doesn't mean a non-standards compliant
browser (e.g. IE7) didn't report it that way.
-- Mike Walker On 9/19/07, Chris Jones <techmaster@gmail.com> wrote: > > I'm doing some forensics for a web site, involving some sensitive data > being hidden in a file on a web site, and google somehow finding the file > with this data. Even though it's in a directory that basically has no way > of listing its contents, google can somehow find out about the existence of > this file, spider the file, and keep a copy of it in google cache. I'm > trying to find an article about this issue, proving that it is a real issue > and that it exists. So far I'm turning up nothing, but I was wondering if > any of you knew of such an article. Basically, just something saying "don't > store credit card numbers in a flat file on your web server because..." or > something to that effect. I just want to have some proof that this is > possible. If any of you can help, it's highly appreciated. > > Thanks, > Chris > ___________________ Nolug mailing list nolug@nolug.orgReceived on 09/19/07
This archive was generated by hypermail 2.2.0 : 12/19/08 EST