security without inconvenience
Posted: Wed Sep 01, 2004 7:22 pm
I have my page set up so that all the URLs are like http://kafene.org/index.php?url=http:// ... g/main.php. Google won't index these, so it's a major pain. Mod_rewrite helps some but the blog archives are stuck like this (blogger's fault).
Is there a way to make it so that scripts can't be embedded and all URLs automatically are executed for kafene.org?
What I'm saying is if I tried to go to http://kafene.org/index.php?url=http:// ... _script.pl it would attempt to go to that file ("http://badsite.net/malicious_script.pl") on my own domain rather than bring in a remote one?
And also so that if someone put in index.php?url=<? it would attempt to go to then file <?.
This way I can get google-compatible PHP URLs (it doesnt mind index.php?url=42, it's the including domains that throws it off)...
Thanks!
Is there a way to make it so that scripts can't be embedded and all URLs automatically are executed for kafene.org?
What I'm saying is if I tried to go to http://kafene.org/index.php?url=http:// ... _script.pl it would attempt to go to that file ("http://badsite.net/malicious_script.pl") on my own domain rather than bring in a remote one?
And also so that if someone put in index.php?url=<? it would attempt to go to then file <?.
This way I can get google-compatible PHP URLs (it doesnt mind index.php?url=42, it's the including domains that throws it off)...
Thanks!