> Interestingly, Nessus reports the existence of robots.txt as a
> security "vulnerability" (one step worse than a "warning")

This came up on comp.risks a while ago. The argument appears to be that people put confidential information _unprotected_ on their web sites, and then list the URLs of this information in their robots.txt files to stop robots from getting at it. So, by telling people where to find it, the robots.txt file is a "vulnerability".

Personally, I think this is hogwash (and I said so at the time). The vulnerability is not correctly protecting your confidential information in the first place. It's like arguing that running an ancient version of sendmail is fine, just as long as the machine that it's running on doesn't have "mail" in its name.

Cheers,
Simon.
