Friday, November 18, 2005
Security Flaw With Google Sitemaps Stats
David Naylor points out a pretty surprising security oversight with Google's new Sitemaps stats system. It basically allows anyone access to stats of other web sites, if those web sites don't report 404/File Not Found errors correctly.
In order to see stats for a site, you have to verify you own it by installing a special file on your server. Google randomly generates a filename to use, you install this file, then Google checks to see if it exists. If it does, you can view stats for that site.
The problem is, some web sites will respond that any page exists, even if it doesn't. Rather than sending out a 404 File Not Found error message, they'll dynamically generate the page with content anyway or they'll tell the user the file doesn't exist, but the server code sent to a browser says differently.
Category: Search Engine Marketing and Optimization
In order to see stats for a site, you have to verify you own it by installing a special file on your server. Google randomly generates a filename to use, you install this file, then Google checks to see if it exists. If it does, you can view stats for that site.
The problem is, some web sites will respond that any page exists, even if it doesn't. Rather than sending out a 404 File Not Found error message, they'll dynamically generate the page with content anyway or they'll tell the user the file doesn't exist, but the server code sent to a browser says differently.
Category: Search Engine Marketing and Optimization
posted by Symetri at 11/18/2005 09:34:00 AM 
Subscribe
