Some comments below:

Elias Torres wrote:

- We'll write a PagePlugin that rewrites URLs in entries to go through
some global redirector (which we might add to Roller as well) so
anchors in entry URLs are not leaked to the web. Again, if anyone
wants to use Roller on the intranet, I think this is important.


Allen Gilliland wrote:

I'm not sure I fully understand this one. Can you explain it more?

Elias Torres wrote:

Right now when people visit my external blog from IBM's internal
server, I can see in my apache logs the entry anchor from the
referrer. This can leak information such as
"we_re_buying_chococalate_company_x". Do you know what I mean?

One would have to make the rewriting PagePlugin mandatory for all users on your installation somehow, which is not something we currently have, but might be a useful feature. As long as it is pluggable and localized, this sounds fine.

If a site is really worried, they have to handle this a bit more centrally. There can otherwise be a lot of internal web pages (e.g. project pages) that might have links to outside parties: vendors, open source docs, etc. All of these would leak referrer information and could be just as revealing of internal projects/relationships as blogs.

I believe this is the kind of thing most sites would do with outbound HTTP proxy servers if they really care to be thorough. This means blocking outbound HTTP traffic that does not go through their proxy, and doing things like stripping internal referrer URLs for requests going out.

--a.
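
The link rewriting proposed at the top of this thread, sketched as an added example that is not part of the original messages and is not Roller code. The class name, the redirector URL and the internal host suffix are assumptions, and the class deliberately does not implement Roller's plugin interface; it only shows the transformation such a plugin would apply to an entry body.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Added illustration, not Roller code. Names, redirector URL and host suffix are assumptions.
public class OutboundLinkRewriter {
    // href="..." or href='...' holding an absolute http(s) URL
    private static final Pattern HREF = Pattern.compile(
        "(href\\s*=\\s*)([\"'])(https?://[^\"']+)\\2", Pattern.CASE_INSENSITIVE);
    private final String redirector;      // hypothetical endpoint, target appended URL-encoded
    private final String internalSuffix;  // links to hosts ending in this stay untouched

    public OutboundLinkRewriter(String redirector, String internalSuffix) {
        this.redirector = redirector;
        this.internalSuffix = internalSuffix.toLowerCase(Locale.ROOT);
    }

    public String rewrite(String entryHtml) {
        Matcher m = HREF.matcher(entryHtml);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String replacement = m.group(0);  // default: leave the link as written
            if (isExternal(m.group(3))) {
                replacement = m.group(1) + m.group(2) + redirector
                    + URLEncoder.encode(m.group(3), StandardCharsets.UTF_8) + m.group(2);
            }
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }

    private boolean isExternal(String url) {
        try {
            String host = URI.create(url).getHost();
            // No parseable host: treat as external so the link still goes via the redirector
            return host == null || !host.toLowerCase(Locale.ROOT).endsWith(internalSuffix);
        } catch (IllegalArgumentException e) {
            return true;
        }
    }
    public static void main(String[] args) {
        OutboundLinkRewriter r = new OutboundLinkRewriter(
            "http://blogs.example.internal/redirect?url=", ".example.internal");
        // Constructed sample entry body: one outside link, one internal link
        System.out.println(r.rewrite("<a href=\"http://vendor.example.com/docs\">docs</a> "
            + "<a href='http://wiki.example.internal/page'>wiki</a>"));
    }
}
```

Only the outside link is wrapped; the internal link is returned unchanged. The sketch does not decode HTML-escaped characters such as `&amp;` inside `href` values before encoding them.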



