This is not an ideal solution. There must be a mechanism to run the search and cache on different domains.
On 9/11/07, Manoharam Reddy <[EMAIL PROTECTED]> wrote:
>
> I found a temporary solution. I put the Nutch pages and the CMS pages
> in different sub-domains.
>
> Is it possible to make cached.jsp filter <script> tags by modifying
> config xml file? This will be a good solution for me since I run both
> CMS and Nutch in same domain name.
>
> On 9/10/07, Manoharam Reddy <[EMAIL PROTECTED]> wrote:
> > This seems like a problem. My tomcat server is running Nutch along
> > with a CMS login page. What to do to resolve this problem? Anyone
> > else having same problem? Please help.
> >
> > On 9/8/07, Susam Pal <[EMAIL PROTECTED]> wrote:
> > > I find that 'cached.jsp' executes the scripts that have been cached
> > > along with the pages. This is not wrong as such. But this becomes a
> > > security concern when the Nutch search engine is a part of a website
> > > that implements authentication and authorization.
> > >
> > > If the original page has a malicious script, the script will be run
> > > when a visitor visits its corresponding cached page in the Nutch
> > > search engine. If the script is a cookie stealer, then it would allow
> > > the attacker to steal the session cookies of an authenticated user and
> > > hijack his session.
> > >
> > > As a result, search engines like Google, Yahoo, etc. have the cache on
> > > a different address, so that the scripts can not steal the cookies set
> > > by the domains like google.com, yahoo.com, etc. The same practice has
> > > to be followed with Nutch too, if the website it is hosted on,
> > > contains such sensitive cookies.
> > >
> > > I am not sure whether it is possible to extract only the cache details
> > > from crawl DB and take it to a different server. So, currently I can
> > > imagine the following method only to do this:-
> > >
> > > 1. Delete 'cached.jsp' from the $CATALINA_HOME/webapps/ROOT
> > > 2. Take a copy of 'crawl' DB and take it to a different server.
> > > 3. Modify 'search.jsp' so that the 'Cached' link points to
> > >    'cached.jsp' in the other server.
> > > 4. Run two instances of tomcat server with Nutch, one for the web GUI
> > >    for search and the other for the cached.jsp only.
> > >
> > > Is there a better way to achieve this? If not, shouldn't the link to
> > > 'cached.jsp' be made configurable? I would appreciate if someone can
> > > suggest something regarding this issue.
> > >
> > > Regards,
> > > Susam Pal
> > > http://susam.in/
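
An added example, not from the thread or from Nutch: a Python check of which site cookies a browser would still attach to a separately hosted 'cached.jsp', using the RFC 6265 domain-matching rule. The host names, Set-Cookie headers and function names are constructed for illustration; JSESSIONID is Tomcat's default session cookie name.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, lower-cased attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.partition("=")[0].strip(), attrs


def sent_to(setting_host, attrs, target_host):
    """RFC 6265 domain matching. Ports are not compared: cookies ignore them."""
    domain = attrs.get("domain", "").lstrip(".").lower()
    if not domain:  # host-only cookie: goes back to the exact host only
        return target_host == setting_host
    return target_host == domain or target_host.endswith("." + domain)


def cookies_reaching_cache(site_url, cache_url, set_cookie_headers):
    """Return [(name, readable_by_script)] for site cookies the browser would
    also attach to cache_url. Path and Secure are ignored, so the result is a
    conservative upper bound."""
    site = urlsplit(site_url).hostname
    cache = urlsplit(cache_url).hostname
    found = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if sent_to(site, attrs, cache):
            # Without HttpOnly, a script in the cached page can read the cookie.
            found.append((name, "httponly" not in attrs))
    return found


# Constructed sample: the CMS and search GUI live on www.example.com:8080.
SITE = "http://www.example.com:8080/"
HEADERS = [
    "JSESSIONID=constructed-1; Path=/",
    "cms_auth=constructed-2; Domain=.example.com; Path=/; HttpOnly",
    "cms_user=constructed-3; Domain=example.com; Path=/",
]

if __name__ == "__main__":
    for cache in ("http://www.example.com:8081/cached.jsp",  # second Tomcat, same host
                  "http://cache.example.com/cached.jsp",     # sub-domain
                  "http://cache.example.net/cached.jsp"):    # unrelated domain
        print(cache, cookies_reaching_cache(SITE, cache, HEADERS))
```

An empty list for the chosen cache address means no site cookie is in scope there; a second Tomcat on another port of the same host, or a sub-domain under a cookie's Domain attribute, does not give that result.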
