[Nitro] Security problems

Peter Abrahamsen rainhead at gmail.com
Sun Nov 13 16:17:42 EST 2005

Another simple solution would be to look up by name, not number. As
long as you don't expect project names to change often, URIs like
/project/bills-project are far more user friendly, and make it harder
for someone with no knowledge of a project to stumble upon it.

This isn't real security, of course -- the other replies have covered  
that. But I appreciate that sometimes you don't really want to put  
strict access controls on something, but don't want to advertise its  
presence, either. I do this when I need to give someone a large file  
- I put it on a web server in a place where it won't be indexed, and  
give the person the URL. It wouldn't be a huge problem if someone  
found one of those files, but I'd just as soon nobody rifle through  
all my stuff. Meanwhile, I don't have to worry about creating a user,  
a password, or an ACL.


> I am not sure if this can be done already, but I would like the
> path to be hidden. I would like to show only the main page URI.
> I think it is a security problem if a user sees things like
> http://myhost.com/project/1
> The user might type /2 by himself...
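
The name-based lookup suggested in this message, paired with the membership check that actually decides access, as an added plain-Ruby sketch that is not from the post or from Nitro. `Project`, `PROJECTS`, `find_by_slug` and `authorize` are hypothetical names, and the project data is constructed.

```ruby
# Constructed sample data: two projects, each with its own member list.
Project = Struct.new(:id, :slug, :members)

PROJECTS = [
  Project.new(1, "bills-project", ["bill"]),
  Project.new(2, "annes-project", ["anne"]),
].freeze

# Resolve /project/<name> by slug only. The numeric id is never accepted
# as a lookup key, so /project/2 does not map to the project with id 2.
def find_by_slug(path)
  m = %r{\A/project/([a-z0-9][a-z0-9-]*)\z}.match(path)
  return nil unless m
  PROJECTS.find { |p| p.slug == m[1] }
end

# The slug only makes a project harder to stumble upon; this check is
# what enforces access. Returns [status, project]. A non-member gets the
# same 404 as a missing project, so the response does not confirm that
# a given name exists.
def authorize(path, user)
  project = find_by_slug(path)
  return [404, nil] if project.nil? || !project.members.include?(user)
  [200, project]
end
```
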

