The sad truth is that if you keep sensitive files on any Web server, you are inviting people to view or copy those files. And not just Web servers, either. FTP servers can also be indexed by automated scanning tools, similar to Web indexing robots. The worst offenders so far have been e-commerce sites, where it is common to find database files with credit card info.

Any information that you must keep confidential cannot be stored on any public network service.

When Google added the ability to index several new filetypes, including Microsoft Office, PostScript, Corel WordPerfect, Lotus 1-2-3, and others, some people got alarmed (see Resources). Of course, this is silly, like thinking that you can prevent your bicycle from being stolen from your front porch by draping a sheet over it. While the ability to use powerful search engines, like Google, to search for specific patterns is like having someone provide a bicycle thief with a list of porches with "hidden" bicycles, complaining about Google is not the way to protect your assets.

Sensitive information does not belong on public network servers. The most egregious cases include e-commerce sites, often running IIS, that include an MS-SQL database of customer information on the same Web server. The most common explanations I hear for doing this are that it is more convenient to do so, and that the performance is better. While it may be convenient having the database file on the same server, it is like using the sheet to "protect" the bicycle. The second argument is not even true.
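One way an administrator can check their own server for the problem described above, as an added example that is not part of the original article: a walk over the Web document root that flags database and document files by extension and by file header, so a renamed file is still caught. The extension list and the names `audit_docroot` and `sniff` are assumptions made for this sketch.

```python
import os

# Assumed extension list for the file types the article names (Office,
# PostScript, WordPerfect, Lotus 1-2-3) plus common database and dump files.
RISKY_EXT = {".doc", ".xls", ".ppt", ".ps", ".wpd", ".wk1", ".wks",
             ".mdb", ".mdf", ".ldf", ".bak", ".sql"}

# (offset, signature, name): header bytes that identify a format even
# when the file has been given a harmless-looking name.
MAGIC = [
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 (legacy Office)"),
    (0, b"%!PS", "PostScript"),
    (0, b"\xffWPC", "WordPerfect"),
    (4, b"Standard Jet DB", "Access/Jet database"),
]

def sniff(path):
    """Return a format name if the file header matches a known signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(32)
    except OSError:
        return None  # unreadable file: fall back to the extension check
    for offset, sig, name in MAGIC:
        if head[offset:offset + len(sig)] == sig:
            return name
    return None

def audit_docroot(docroot):
    """Yield (relative_path, reason) for files that should not be Web-served."""
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, docroot)
            ext = os.path.splitext(fname)[1].lower()
            kind = sniff(full)
            if kind:
                yield rel, "content is " + kind
            elif ext in RISKY_EXT:
                yield rel, "extension " + ext

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reason in audit_docroot(root):
        print(f"{rel}\t{reason}")
```

Anything the audit reports belongs on a host that is not reachable from the public network, not merely under a less obvious name.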

The link for this article located at Rik Farrow is no longer available.