Securing Zoom Search Engine Interface

Scott

Newbie

Join Date: Dec 2004

Posts: 14
- Share
- Tweet
#1

Securing Zoom Search Engine Interface

Dec-19-2008, 05:43 PM

I'm using CakePHP MVC as my intranet web interface. I have several "offline mode" folders indexed via Zoom Search Engine. These folders require user/group authentication because of the proprietary nature of the files. I am able to provide authentication to the Zoom Search interface via passing a SessionID through the command line. I can then modify the search.php file to lookup the session and validate the user associated with the session has the credentials to view the indexed files.

I could write a PHP wrapper around a CGI to perform a similar function. The problem with doing this is the security can be by bi-passed by calling search.cgi directly.

Any suggestions on securing a CGI version of Zoom Search Engine.

The world is a dangerous place to live, not because of the people who are evil, but because of the people who don't do anything about it.

Albert Einstein
Tags: None
David

Administrator

Join Date: Dec 2004

Posts: 4708
- Share
- Tweet
#2

Dec-19-2008, 08:28 PM

You could put a redirect in your .htaccess file to prevent direct CGI access (and maybe redirect the request back to the PHP script).

But if the call to the CGI script is hidden in the PHP script is anyone going to guess that a CGI script even exists, then guess the name of the script?
Comment

Announcement