Secure your code!

Filed Under Geek | 2006-10-07, 14:06

google code search

Google has launch it’s new Google Code Search which allows you to search publicly accessible source code. Great for programmers, great for hackers, bad for not so attentive webmasters. Google crawls websites and peeks inside archive files (.tar.gz, .tar.bz2, .tar, and .zip) looking for code. Remember when you figured a zipped up file wouldn’t be spidered by a search engine? Not anymore. So check your websites, make sure you don’t have anything sensitive in those zip files in a clear-text text file. Want to know how easy it is to find useful information for not-so-nice actions? Check out this search for the config file for WordPress that contains your database information.
While I think Google has the best intentions, I don’t think this search is going to be a positive thing. The amount of code that might be accidentally exposed as well as the number of people just plain copying code is a bit much. If people want to put their code out there, they should just post it on a website to let all the search engines crawl it.

Leave a Comment