
By Munir Kotadia
Published: Friday 14 January 2005
Name: Anonymous
Location: Sydney, Australia
Occupation: software developer
Comment:
You should NOT rely on robots.txt for security! All it does is say, in effect, "if you are an automatic process, please don't search in the following spots..." Yes, Google obeys it, so your crappy security will be harder to find if the attackers just use Google. But not all spiders obey it, and web spiders aren't the only way to find vulnerabilities. For example, another way is to read your robots.txt file and assume that anything it excludes is likely to be interesting!
So setting up robots.txt without securing a site is like putting a "Keep Out" sign on an unlocked door. Nice people will obey it, crooks will go "hmm, wonder what's behind ... ooh, it's unlocked!"
If you are sufficiently aware of the problem to configure robots.txt, then do the job properly and actually secure your resources.
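The check the comment argues for, as an added example that is not part of the original comment or article: a Python audit of your own site's robots.txt that lists each Disallow path and records whether an unauthenticated request to it is refused. The sample robots.txt, the status table and the `fake_probe` helper are constructed stand-ins for your own file and a real HTTP request against your own server.

```python
from typing import Callable, Dict, List

# Constructed sample robots.txt (not taken from any real site).
SAMPLE_ROBOTS = """\
# constructed sample
User-agent: *
Disallow: /admin/
Disallow: /backup/   # old dumps
Disallow: /search
Allow: /public/

User-agent: ExampleBot
Disallow:
"""

def disallowed_paths(robots_txt: str) -> List[str]:
    """Return the unique non-empty Disallow paths, in file order, across all groups."""
    paths: List[str] = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        # An empty Disallow means "nothing is excluded", so it is skipped.
        if field.lower() == "disallow" and value and value not in paths:
            paths.append(value)
    return paths

def audit(robots_txt: str, status_of: Callable[[str], int]) -> Dict[str, str]:
    """Classify each disallowed path by what an unauthenticated request receives."""
    report: Dict[str, str] = {}
    for path in disallowed_paths(robots_txt):
        status = status_of(path)
        if status in (401, 403):
            report[path] = "protected"
        elif status == 404:
            report[path] = "stale entry"
        else:
            report[path] = "open: confirm it is meant to be public"
    return report

# Constructed stand-in for an unauthenticated probe of your own server.
CONSTRUCTED_STATUS = {"/admin/": 401, "/backup/": 200, "/search": 200}

def fake_probe(path: str) -> int:
    return CONSTRUCTED_STATUS.get(path, 404)

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_ROBOTS, fake_probe).items():
        print(f"{path:10} {verdict}")
```

An "open" result is not automatically a finding: a public search page is often excluded only to keep crawlers out of it, while an open `/backup/` is the unlocked door the comment describes.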
Copyright © 2008 CBS Interactive Limited. All rights reserved.