Your site is not password protected so google robot just crawling
through the delete links..
http://doidata.net/contributor_roles/
Andras
On Oct 26, 2009, at 4:36 PM, audioworld wrote:
>
> I have a basic database management online at http://doidata.net
> The access to the admin section is secured with a simple
> authentication which is hardcoded in the file /config/core.php
> In theory, when someone without the admin cookie set, access to the
> routes
> ../resource/delete/ID
> should be blocked. However, when I try this URL in the browser, it
> really works WITHOUT atuhentication, and the database entry is
> deleted!!! This was demonstrated last night by Google Bot which seems
> to try our every possible route, and deleted most of my entries..
>
> here are some lines from the APACHE acces log:
> 66.249.65.72 - - [24/Oct/2009:04:57:47 +0200] "GET /contributor_roles/
> delete/15 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/
> 2.1; +http://www.google.com/bot.html)"
> 66.249.65.72 - - [24/Oct/2009:05:00:30 +0200] "GET /contributor_roles/
> delete/12 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/
> 2.1; +http://www.google.com/bot.html)"
>
> I am very thankful for any help to lock up my database edit/delete
> access,
> thanks, karl.
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment