View Forum Topic

Forums
CS520
Homework 6: Clarification for Full Text Search for Passwo...

Author Message

Author	Message
katiatkn Posts: 16	Posted 16:00 May 29, 2010 \| Hi Professor: I noticed that in http://sun.calstatela.edu/csns/wiki/content/, the web site is allowing password protected pages to be searched by the public user. The password protected page is displayed in the result with the TITLE and CONTENT. Shouldn't password protected pages be excluded from search list? In Homework 6, Could we exclude them from the search result? thanks,
cysun Posts: 2935	Posted 16:33 May 29, 2010 \| That's a very good point. I thought about this when I implemented the wiki and eventually decided to take the more "liberal" approach and allow searching for password protected pages. There are several reasons for this: a) It's more convenient. Because not all wiki pages can be linked directly on the front page, a common way to access the pages will be through search. I can see myself using the search function to locate my password protected pages, so for me it's preferable to allow these pages to be searched. b) The page content displayed in the search results is only partial content produced by `ts_headline()`. c) To me, part of the wiki spirit is the openess, e.g. everybody is free to create, view, and edit everything. I don't expect people putting highly sensitive information on CSNS wiki, and the password protection mechanism is just a simple deterrence to prying eyes instead of a serious security measure. With that said, at the end of the day it's just my personal take on the tradeoff between convenience and security. I can see that a more security conscious person would think differently, so if you want to exclude password protected pages from your search implementation, it's completely fine. In the next CSNS update I'll change it so that only the title of a password protected page will show up in the search results.

katiatkn

Posts: 16

Posted 16:00 May 29, 2010 |

Hi Professor:
I noticed that in http://sun.calstatela.edu/csns/wiki/content/,
the web site is allowing password protected pages to be searched by the public user.
The password protected page is displayed in the result with the TITLE and CONTENT.

Shouldn't password protected pages be excluded from search list?

In Homework 6, Could we exclude them from the search result?

thanks,

cysun

Posts: 2935

Posted 16:33 May 29, 2010 |

That's a very good point. I thought about this when I implemented the wiki and eventually decided to take the more "liberal" approach and allow searching for password protected pages. There are several reasons for this:

a) It's more convenient. Because not all wiki pages can be linked directly on the front page, a common way to access the pages will be through search. I can see myself using the search function to locate my password protected pages, so for me it's preferable to allow these pages to be searched.

b) The page content displayed in the search results is only partial content produced by ts_headline().

c) To me, part of the wiki spirit is the openess, e.g. everybody is free to create, view, and edit everything. I don't expect people putting highly sensitive information on CSNS wiki, and the password protection mechanism is just a simple deterrence to prying eyes instead of a serious security measure.

With that said, at the end of the day it's just my personal take on the tradeoff between convenience and security. I can see that a more security conscious person would think differently, so if you want to exclude password protected pages from your search implementation, it's completely fine.

In the next CSNS update I'll change it so that only the title of a password protected page will show up in the search results.