Tip for new programmers
I felt like writing this message to help remind new programmers of something they may not be aware of: Hiding your data!
When you write a program to collect people's information, if you are storing it in a flat file, make sure to protect that file from viewing by the general public.
I was doing a search on Google for an e-mail address of someone I haven't talked to in a year. I knew the letter part of her e-mail address, but forgot the 2 digit number at the end. Well, up pops 3 pages worth of results from a site that lets people send each other a music greeting card. It wasn't the cards indexed, it was the flat data files with sender's name and e-mail address, recipient's name and e-mail address, date, and message (along with info for what images and music to play).
I checked out the main site, and surprise, they have a privacy policy, which states in part
Quote: Security
This site has security measures in place to protect the loss, misuse, and alteration of the information under our control. Email addresses used in sending greeting cards are maintained only in the files containing the card information and are deleted at the end of the life of the card. These are not available to anyone beyond the webmaster in or outside of our organization.
I just now noticed the "life of the card" part. There are data files back to 2002! Long live those cards.
So when you utilize a system like this, at the very least in the directory where you store the data files, put a basic index.html page so that directory browsing isn't available. Better yet, have them somewhere outside of the web directory of your server.
I have contacted the site, to let them know that not only is it browsable by the public, but that Google has indexed it all! So far, no change.
Now I'll admit, I'm the snooping type (trying to break that), but in looking through some of the results, I saw some interesting things, like a card sent to a guy by a lady talking about how much she loves him yet they have to be careful so her husband doesn't find out. Imagine if that husband googled her e-mail address!!!!
As you can see, this site may not sell the information they collect, but spammers love these! If you harvested this directory, there are about 11,000 data files, and from looking, on the small side, I'd say they average about 10-15 entries a file. Each with a sender and receiver's e-mail address....
If you want to be sure you have your files protected, reply to this and I'll try to help you make sure!
-Greg
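An added example, not part of the original post: a small audit that reports, for each flat data file, whether it sits inside the web root and whether its directory lacks an index page. The directory layout, file names and the `INDEX_NAMES` list are constructed assumptions; adjust them to your server's configuration.

```python
import tempfile
from pathlib import Path

# Assumed index file names; match these to your server's directory-index setting.
INDEX_NAMES = ("index.html", "index.htm", "index.php")

def audit_data_files(docroot, data_files):
    """Map each data file to a list of findings relative to the web root."""
    root = Path(docroot).resolve()
    report = {}
    for f in data_files:
        p = Path(f).resolve()  # resolves symlinks and ".." segments first
        findings = []
        if root in p.parents:
            # Anything under the web root can be fetched by direct URL.
            findings.append("IN_WEBROOT")
            if not any((p.parent / n).is_file() for n in INDEX_NAMES):
                # Without an index page the server may list the directory,
                # which is what lets a crawler find every file in it.
                findings.append("NO_INDEX")
        report[str(p)] = findings
    return report

def build_sample_site(base):
    """Constructed layout: two data dirs under the web root, one outside it."""
    base = Path(base)
    layout = {
        "public_html/cards/data/2002-01.txt": "sender|recipient|message\n",
        "public_html/cards/guarded/2003-01.txt": "sender|recipient|message\n",
        "public_html/cards/guarded/index.html": "<html></html>\n",
        "private/cards/2004-01.txt": "sender|recipient|message\n",
    }
    for rel, body in layout.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    files = [base / rel for rel in layout if rel.endswith(".txt")]
    return base / "public_html", files

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        docroot, files = build_sample_site(tmp)
        for path, findings in audit_data_files(docroot, files).items():
            print(path, findings or ["OK"])
```

The file in the directory with an index page is still flagged `IN_WEBROOT`: the index page only hides the listing, while the file outside the web root produces no finding.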
demonhale posted this at 03:50 — 20th January 2006.
He has: 3,278 posts
Joined: May 2005
Good Tip there Greg... Although I like flatfile a lot, it does have these issues, so better transition to mysql if you have the time...
Snoop on mine Greg...
Busy posted this at 09:22 — 20th January 2006.
He has: 6,151 posts
Joined: May 2001
demonhale, you were arrested for wearing a dress down main st in a drunken state? shame on you !
demonhale posted this at 13:09 — 20th January 2006.
He has: 3,278 posts
Joined: May 2005
where did you get that info busy??? LOL!
Greg K posted this at 19:12 — 20th January 2006.
He has: 2,145 posts
Joined: Nov 2003
From your flat file, next time stuff the bra....
demonhale posted this at 00:53 — 21st January 2006.
He has: 3,278 posts
Joined: May 2005
yah forgot about that one, those were my queer years... wha ha ha ha! (it rhymes too!)