Security Advisory – Google Code Search

Google has done it again. The great people at Google have tried to make our lives easier with their new invention, Google Code Search. Now I can find bits of code that I otherwise wouldn’t have found. How does it do this? Well, Google can now traverse into compressed files like .zips and .tar.gz. What does this mean for you? You know how you're a good webmaster and make backups of your website as websitebackup.tar.gz? Your configuration.php file is one of the files that you just backed up. Guess what: now everyone on Google Code Search can see the user name and password for your MySQL database. How do I fight this, you might ask? Simply put your backups outside your website's web-accessible directory so they aren’t accessible via the web. Read more about it from the Joomla Developers here and from a Slashdot article here.
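One way to audit your own site for the exposure described above, added here as an example that is not part of the original post: the script walks a web root, opens every zip or tar archive it finds, and reports which ones contain `configuration.php`. The function names and the `SENSITIVE_NAMES` set are assumptions of this example.

```python
import os
import tarfile
import zipfile

# File names treated as sensitive. configuration.php is the Joomla file the
# post names; add others for your own applications (assumption of this example).
SENSITIVE_NAMES = {"configuration.php"}


def archive_members(path):
    """Return member names of a zip or tar archive, or None if not an archive."""
    try:
        if zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                return zf.namelist()
        if tarfile.is_tarfile(path):
            # Default mode detects compression, so .tar.gz and .tar.bz2 work.
            with tarfile.open(path) as tf:
                return tf.getnames()
    except (zipfile.BadZipFile, tarfile.TarError, OSError):
        return None  # unreadable or corrupt: skip rather than crash the audit
    return None


def find_exposed_backups(web_root):
    """Map each archive under web_root to the sensitive files it contains.

    Archives with no sensitive member are still listed (with an empty list),
    because any backup inside the web root deserves a second look.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            members = archive_members(full)
            if members is None:
                continue
            hits = sorted(m for m in members
                          if os.path.basename(m) in SENSITIVE_NAMES)
            findings[os.path.relpath(full, web_root)] = hits
    return findings


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for archive, hits in sorted(find_exposed_backups(root).items()):
        status = "CONTAINS " + ", ".join(hits) if hits else "no config file found"
        print(f"{archive}: {status}")
```

Run it with the path to your web root as the only argument; any archive it lists should be moved out of the web-served tree.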


This entry was posted on Monday, October 9th, 2006 at 12:26 pm and is filed under Joomla, open source, PHP, quick tips, security.