Forum Moderators: coopster
I have an admin page which lists potential link partners. If I click the partners links (to peruse their sites) the admin url is being recorded in the partners access log file. This is a security risk as they now know the admin page!
admin.php generates a list of links:
www.newpartner4widgets.com
If I click that link their site will record me as coming from
www.mysite.com/linksadmin/admin.php
The security problem is that newpartner4widgets.com can see this link, paste it into their browser and access the admin.php page!
Is it possible to just make it look as if www.mysite.com visited and not send the other stuff?
Please note this is not my script but a free links script available for download - Grrrr! I have mailed the support for the links software but I'd really like to fix this asap by not leaking out the admin page.
password protect the admin page might be a thought as well
use .htaccess
You could also right click on the link, copy, and paste it in to the address box. But, you'd lose the referrer to your site completely.
- Ryan
Really annoyed with this. I usualluy follow strict rules with stuff like this. Yes, now I have .htaccessed the dir but you'd think the vendors would realise these pitfalls by now.
I tell you what else I do. I always rename the scripts to something obscure - both the script name and the dir. But when weblogs are recording the referring script, path, and webserver what's the point!
Surely there must be a way of cloaking where a link is coming from?
