Forum Moderators: Robert Charlton & goodroi
can someone confirm?
Here is my experience:
i have received a couple of emails from un unknown gmail account, so i decided to look for info about the sender in google
google returned one result for the query (gmail adress) that was like (examplified url)
www.SubscriptionBasedOnlineService.com/ConfirmSubscription?Hash=....&UserID=TheUserID
now correct me but this kind of confirmation link is usually only sent by email to sevice subscribers.
Where else would Gbot have picked up such a "Private" URL?
but the issue remains the same, there are real Security implications to such an indexing behavior
You will notice any site with credible authentication never passes URLS with the username and password in plain view like that...
have a look at the way passport/google/yahoo etc provide authentication...
it still poses security issues because the bot visiting that URL will actually activate some service the user has not confirmed, so it is not just a matter of Secure URLS, any urls sent to you by a service provider may be specific to you, implying your acceptance of a service aggrement or whatever personal action, Robot indexing in this case is an abuse of your right to accept/reject an offer (for example) that's where i see a problem
Is it a https:// page or just an http:// page?
