Comment Re:Can someone please explain the law (US)? (Score 1) 127
You become aware of a security bug?
I manage a motel. The room locks are resistant to shims and cheap lockpicks. They are not resistant to crowbars or skilled locksmiths. Nobody has told me that's a "security bug"
Here's a short checklist for covering a website against the equivalent of shims and cheap lockpicks without going to the effort of keeping out the crowbars and the NSA...
1) Put the "no robots" tag on webpages that you don't want appearing in Google searches (rule of thumb: if it doesn't have a picture in it, you don't want it appearing when people search for you anyway).
2) Put a robot trap onto any page that leads to anything particularly valuable, or maybe just lay them everwhere that you have the no robots tag. That'll stop most of the nasty webcrawlers as well as the polite ones.
3) Ensure that inputs to the website from public facing pages are parsed to prevent SQL injection attacks.
4) Log everything.
What do people think? Would these four things keep out most of the "script kiddies" without costing a motel manager heaps of time or money, or is there a fifth thing that needs to be added to the list?
