Security: Changing the location of the searchdata folder

By default, the search engine and all of its files reside under a single, publicly-accessible folder named "search":

e:/webroot/search/
	license.html   # optional
	install.html   # optional
	proxy.pl       # public script
	search.pl      # public script
	setperms.bat   # optional
	setperms.sh    # optional
	searchdata/    # private data
	searchmods/    # private libraries

From a security standpoint, the only files that should exist under the publicly-accessible folder are those files which are publicly accessed.

As an example of the risk, people can make direct requests to "http://mysite.tld/search/searchdata/" to access the private files within. Some of those files may contain sensitive information. The best way to prevent these requests is to move the "searchdata" folder to a different location.

To improve security, we begin by making a copy of the "search" folder and placing it somewhere that is not within the publicly-accessible webroot:

e:/private/
	license.html   # optional
	install.html   # optional
	proxy.pl       # public script
	search.pl      # public script
	setperms.bat   # optional
	setperms.sh    # optional
	searchdata/    # private data
	searchmods/    # private libraries

e:/webroot/search/
	license.html   # optional
	install.html   # optional
	proxy.pl       # public script
	search.pl      # public script
	setperms.bat   # optional
	setperms.sh    # optional
	searchdata/    # private data
	searchmods/    # private libraries

Next, we delete all files that we don't need. Those would be the install help files and the setperms scripts:

e:/private/
	proxy.pl       # public script
	search.pl      # public script
	searchdata/    # private data
	searchmods/    # private libraries

e:/webroot/search/
	proxy.pl       # public script
	search.pl      # public script
	searchdata/    # private data
	searchmods/    # private libraries

Next, we delete all publicly-accessible files from the private folder:

e:/private/
	searchdata/    # private data
	searchmods/    # private libraries

and we delete all private data and files from the public folder:

e:/webroot/search/
	proxy.pl       # public script
	search.pl      # public script

The final directory structure looks like this:

e:/private/
	searchdata/    # private data
	searchmods/    # private libraries

e:/webroot/search/
	proxy.pl       # public script
	search.pl      # public script

Note: the proxy.pl utility is disabled by default. You can read more about it at Advanced Search: Highlighting search terms in the actual document. If you don't use proxy.pl, then you should delete that file too. That will enhance your security even more.

By making these changes, we have removed all unneeded files, and partitioned the public from the private. A final change needs to be made in the search.pl file to point to the new location of the data and libraries. To do this, edit search.pl and find the lines that look like this:

$err = &load_files_ex( '.' );
next Err if ($err);

Replace "." with the full path to your private folder. Remember to always use forward slashes on Windows. Remember to enclose the path string in single quotes:

$err = &load_files_ex( 'e:/private' );
next Err if ($err);

Now save changes and make a normal search request. You should see the normal behavior.

If and only if you are using the proxy.pl utility, open proxy.pl and find the string:

searchdata/search.pending.txt

Replace with the full path to the pending file:

e:/private/searchdata/search.pending.txt

The proxy.pl will then work properly (see Advanced Search: Highlighting search terms in the actual document for more info on proxy.pl).
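
One way to check the finished layout, as an added example that is not part of FDSE or of the original help page. The function name audit_layout and its three path arguments are assumptions made here; it reports private folders or install files left in the public folder, a private folder that still sits under the webroot, and a search.pl whose load_files_ex call does not point at the private folder.

```python
import re
from pathlib import Path

# Added example, not FDSE code. Names below are assumptions for illustration.
PUBLIC_OK = {"search.pl", "proxy.pl"}        # the only files the page leaves public
PRIVATE_DIRS = ("searchdata", "searchmods")  # must live outside the webroot
LOAD_CALL = re.compile(r"load_files_ex\(\s*'([^']*)'\s*\)")


def audit_layout(webroot, public_dir, private_dir):
    """Return a list of findings; an empty list means the layout matches the page."""
    webroot, public_dir, private_dir = (
        Path(p).resolve() for p in (webroot, public_dir, private_dir)
    )
    findings = []

    # The private folder must not sit anywhere under the web-served tree.
    if private_dir == webroot or webroot in private_dir.parents:
        findings.append(f"private folder {private_dir} is inside the webroot")

    # Nothing but the public scripts may remain in the public folder.
    for entry in sorted(public_dir.iterdir()):
        if entry.name in PRIVATE_DIRS:
            findings.append(f"{entry.name}/ is still web-accessible")
        elif entry.name not in PUBLIC_OK:
            findings.append(f"unneeded file left in public folder: {entry.name}")

    # Data and libraries must exist at the new location.
    for name in PRIVATE_DIRS:
        if not (private_dir / name).is_dir():
            findings.append(f"{name}/ missing from {private_dir}")

    # search.pl must load from the private folder, written with forward slashes.
    script = public_dir / "search.pl"
    text = script.read_text(errors="replace") if script.is_file() else ""
    match = LOAD_CALL.search(text)
    if match is None:
        findings.append("no load_files_ex( '...' ) call found in search.pl")
    elif "\\" in match.group(1):
        findings.append("load_files_ex path uses backslashes")
    elif (public_dir / match.group(1)).resolve() != private_dir:
        findings.append(f"search.pl still loads from '{match.group(1)}'")
    return findings
```

Call it as audit_layout('e:/webroot', 'e:/webroot/search', 'e:/private') after making the changes; any returned line names a step that still needs doing.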

Things to keep in mind:

History: this help file applies to FDSE version 2.0.0.0054 and newer.

In FDSE versions 2.0.0.0026 through 53, the method for hiding the "searchdata" folder was to move only the "searchdata" folder, and to modify the load_files( 'searchdata' ); subroutine with its new location. In those versions, the "searchmods" folder was always left in place.

In FDSE versions 2.0.0.0025 and older, the "searchdata" folder could be hidden in the same way, and the $DataFilesDir variable was set with its new location.


    "Security: Changing the location of the searchdata folder"
    http://www.xav.com/scripts/search/help/1079.html