Posted by burt.lo on August 2, 2011 at 12:52pm
Or, maybe that isn't the correct question. My client wants to post a webform that gathers "Client Personal Information", and she was wondering if that would make her a more likely target to be hacked.
I didn't have an answer to that, but my mind went to trying to secure the page somehow.
Any ideas? Thanks in advance.
- Burt

Comments
You can exclude it from the sitemap.xml, but if you link to it, it'll be crawled.
I think anything that advertises itself as collecting "Client Personal Information" will put a bulls-eye on your site. I think a couple things you could do to make sure it's as secure as possible:
Rich Yumul
Sage Tree Solutions
www.sagetree.net
Thanks, Rich!
Project Management: http://www.sagetree.net
Coaching Services: http://burtlo.info
On an individual page-per-page basis, you're able to specify a noindex meta tag for search crawlers in the head of that page itself (your page may be crawled, but not indexed). This might be preferable as Drupal nodes can be accessed via a variety of url paths (simultaneously). More info from Google here: http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=93710
Thanks, Garen! Great info!
Project Management: http://www.sagetree.net
Coaching Services: http://burtlo.info
Also note that if your node is listed elsewhere on the site (i.e. a link or teaser to it), the page with that link / teaser would still be indexed. So a link to the private page would still appear on a page listed in search results.
link specific rules module for no-follow attribute
Along with Rich's suggestion of removing the information capture page from the sitemap, you can make the page not appear to be on the site by making use of Google Webmaster practices for the robots.txt, meta page info and other anti-crawler strategies.
Now, though a crawler can be made to ignore the rel="no-follow" attribute for anchors, it may just skip any page which is linked in that manner; all the "good" ones do. But hiding from crawlers is not defending from hackers, and protecting your data isn't only defending from hackers.
If you can - encode the data as it is stored. Always add a CAPTCHA to forms requesting information. Name the fields in the database something more obscure than "my client's social security number" or "my client's date of birth". You can label them as something meaningful at the theme level but always obscure them at the database level even if they aren't encoded. Use false field names. The D6 CAPTCHA and reCAPTCHA modules are excellent.
I wrote a module for fine grained link control by an input filter for {{link_target|text like this}}. It will let you specify with boundary characters {{ }} any link you will want rendered with a specific SEO attribute. This can override the URL filter if you set your input format to use it. That way you could link {{path/to/webform/personal_info|Enter personal information here}} and you can instruct the filter to add the no-follow attribute.
SEO Anchors is at https://github.com/unclebobsblog/SEO-Anchors.
Best of luck
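The crawler-related suggestions in this thread (keep the form out of sitemap.xml, put a noindex robots meta tag on the form page, mark links to it as nofollow) can be checked together. The following is an added example, not code from any poster or from the SEO Anchors module; the path `/client-info`, the example.com URLs and the sample markup are constructed, and it uses the standard `rel="nofollow"` token. It only audits search-engine visibility and does not control access to the form.

```python
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the thread); example.com is a placeholder.
FORM_PATH = "/client-info"
FORM_HTML = '<html><head><meta name="robots" content="noindex, nofollow"></head><body><form></form></body></html>'
LINKING_HTML = '<p><a href="/client-info">Enter personal information here</a> <a href="/about">About</a></p>'
SITEMAP_XML = """<?xml version="1.0"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://example.com/about</loc></url>
  <url><loc>http://example.com/client-info</loc></url>
</urlset>"""

class _Scan(HTMLParser):
    """Collects robots meta directives and (href, rel tokens) for every anchor."""
    def __init__(self):
        super().__init__()
        self.robots, self.links = set(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.robots |= {t.strip().lower() for t in a.get("content", "").split(",")}
        elif tag == "a" and "href" in a:
            self.links.append((a["href"], set(a.get("rel", "").lower().split())))

def scan(html):
    s = _Scan()
    s.feed(html)
    return s

def audit(form_path, form_html, linking_html, sitemap_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if "noindex" not in scan(form_html).robots:
        findings.append("form page has no robots noindex meta tag")
    for href, rel in scan(linking_html).links:
        if href.rstrip("/").endswith(form_path) and "nofollow" not in rel:
            findings.append("link to form lacks rel=nofollow: " + href)
    ns = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}
    for loc in ET.fromstring(sitemap_xml).findall("sm:url/sm:loc", ns):
        if (loc.text or "").strip().rstrip("/").endswith(form_path):
            findings.append("form page listed in sitemap.xml: " + loc.text.strip())
    return findings

if __name__ == "__main__":
    for f in audit(FORM_PATH, FORM_HTML, LINKING_HTML, SITEMAP_XML):
        print("FINDING:", f)
```

With the constructed inputs above, the audit reports the unmarked link and the sitemap entry, and passes the noindex check.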