On 10/7/05, Anil Gangolli <[EMAIL PROTECTED]> wrote:
>
> Some comments below:
>
> >>>Elias Torres wrote:
> >>>
> >>>- We'll write a PagePlugin that rewrites URLs in entries to go through
> >>>some global redirector (which we might add to Roller as well) so
> >>>anchors in entry URLs are not leaked to the web. Again, if anyone
> >>>wants to use Roller on the intranet, I think this is important.
> >>>
> >>Allen Gilliland wrote:
> >>
> >>I'm not sure I fully understand this one. Can you explain it more?
> >>
> >Elias Torres wrote:
> >
> >Right now when people visit my external blog from IBM's internal
> >server, I can see in my apache logs the entry anchor from the
> >referrer. This can leak information such as
> >"we_re_buying_chocolate_company_x". Do you know what I mean?
> >
> One would have to make the rewriting PagePlugin mandatory for all users
> on your installation somehow, which is not something we currently have,
> but might be a useful feature. As long as it is pluggable and
> localized, this sounds fine.
Right. I didn't think of this.

> If a site is really worried, they have to handle this a bit more
> centrally. There can otherwise be a lot of internal web pages (e.g.
> project pages) that might have links to outside parties: vendors, open
> source docs, etc. All of these would leak referrer information and
> could be just as revealing of internal projects/relationships as blogs.
>
> I believe this is the kind of thing most sites would do with outbound
> HTTP proxy servers if they really care to be thorough. This means
> blocking outbound HTTP traffic that does not go through their proxy, and
> doing things like stripping internal referrer URLs for requests going out.
>
> --a.

You're right. I don't want to make you think we are being paranoid or
anything like that, but I think this is something companies need to
think more about. For example, I don't think IBM could police with
proxy servers all content being leaked out; it's just impossible. Also,
I think that before blogs, people didn't pay as much attention to logs
as they do now with blogs, and those bloggers are the ones with the
biggest mouths anyway. :-) It'd be nice if Roller started providing
more features that interest/appease the corporate folks, especially
when it's really simple, like this case. Is it too crazy? Maybe, right?
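The two ideas in this thread, seen from the operator's side, are (a) spotting referrer leakage in the external blog's apache logs and (b) rewriting outbound links in entries so the browser's Referer header carries a redirector URL instead of the entry permalink. The following is an added illustration, not Roller code and not the PagePlugin Elias describes: the combined-log-format parser and the link rewriter are both written here, the log lines and entry HTML are constructed samples, and the hostnames (w3.example.internal, blog.example.internal, vendor.example.com) and the /redirect path are assumptions. How the redirector itself serves the hop is outside the example.

```python
import re
from urllib.parse import quote, urlsplit

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
_LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def find_leaked_referrers(log_lines, internal_hosts):
    """Return (client, referer) for every request whose Referer header
    names one of the given internal hosts, i.e. an internal page URL
    (with whatever entry anchor it carries) that reached this server."""
    internal = {h.lower() for h in internal_hosts}
    leaks = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not combined format
        referer = m.group("referer")
        if referer in ("", "-"):
            continue                      # no Referer header was sent
        host = urlsplit(referer).hostname
        if host and host.lower() in internal:
            leaks.append((m.group("host"), referer))
    return leaks


_HREF_RE = re.compile(r'href\s*=\s*"(?P<url>[^"]+)"', re.IGNORECASE)


def rewrite_external_links(entry_html, own_host, redirector="/redirect"):
    """Rewrite absolute http(s) links that point off-site so they go through
    the redirector path; relative and same-host links are left untouched."""
    own = own_host.lower()

    def _sub(m):
        url = m.group("url")
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return m.group(0)             # relative link, mailto:, etc.
        if parts.hostname.lower() == own:
            return m.group(0)             # link within the blog itself
        return 'href="%s?url=%s"' % (redirector, quote(url, safe=""))

    return _HREF_RE.sub(_sub, entry_html)


# Constructed sample log lines (not real traffic); the internal permalink
# layout here is invented, not Roller's actual URL scheme.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Oct/2005:10:12:01 -0400] "GET /page/elias HTTP/1.1" 200 5123 '
    '"http://w3.example.internal/roller/page/elias/we_re_buying_chocolate_company_x" "Mozilla/5.0"',
    '203.0.113.8 - - [07/Oct/2005:10:12:05 -0400] "GET /page/elias HTTP/1.1" 200 5123 '
    '"http://www.example.com/news" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Oct/2005:10:12:09 -0400] "GET /page/elias HTTP/1.1" 200 5123 '
    '"-" "Mozilla/5.0"',
]
INTERNAL_HOSTS = {"w3.example.internal"}

# Constructed entry body: one off-site link, one link within the blog.
SAMPLE_ENTRY = (
    '<p>See <a href="http://vendor.example.com/proposal">the proposal</a> '
    'and <a href="/page/elias">my page</a>.</p>'
)

if __name__ == "__main__":
    for client, referer in find_leaked_referrers(SAMPLE_LOG, INTERNAL_HOSTS):
        print("internal referer seen from %s: %s" % (client, referer))
    print(rewrite_external_links(SAMPLE_ENTRY, "blog.example.internal"))
```

Run against the samples, the audit reports only the first line (the internal permalink, entry anchor included), and the rewriter turns the vendor link into /redirect?url=http%3A%2F%2Fvendor.example.com%2Fproposal while leaving the relative link alone. The audit is the more robust of the two checks: it catches every internal page that links out, which is the broader problem Anil raises, not just blog entries.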
