OK, I’m kind of torn for posting this, but I guess it’s better to point to a problem so that it stands a chance to get fixed, rather than just pretend it isn’t there, right?
Jason Kottke writes about the launch of Google Code Search, still in the Labs category at Google, which is meant to search in open source code. Clearly a tool that could be interesting for developers, I’d reckon, although I can’t think of any time it would have suited my needs in the past. Then again, maybe I would if it existed… Ah, never mind.
Kottke points to some of the riskier parts of this nifty little search engine, such as people putting their WordPress files in a ZIP or TAR file, including the wp-config.php file containing MySQL passwords for the site, for instance. That’s probably not so good, right? Well, there are other examples as well and Kottke seems to collect them. Hopefully these people will get notified of any serious stuff they unknowingly might have put online and public in this manner.
Well, it could be worse. The admin users for your blog are located in the database, and you won’t find the administrator username and password in wp-config.php, for instance. Then again, if you got the passwords you need to access the database, it doesn’t take a hacker whiz kid to get in there and do some damage.
Have a look at Kottke’s post, and make sure you haven’t put anything stupid in a compressed file. If not, don’t fret – Google Code Search won’t mess with your regular PHP files or anything like that.
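One way to run that check over your own web root, as an added example that is not part of the original post: it lists ZIP and TAR archives that contain a wp-config.php setting DB_PASSWORD. The function names and the sample archives are constructed for illustration.

```python
import io
import re
import tarfile
import tempfile
import zipfile
from pathlib import Path

# define('DB_PASSWORD', '<non-empty value>') as written in wp-config.php
DB_PASSWORD = re.compile(rb"define\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"][^'\"]+['\"]")

def config_members(archive):
    """Yield (member, bytes) for every wp-config.php inside a ZIP or TAR file."""
    if zipfile.is_zipfile(archive):
        with zipfile.ZipFile(archive) as zf:
            for info in zf.infolist():
                if Path(info.filename).name == "wp-config.php":
                    yield info.filename, zf.read(info)
    elif tarfile.is_tarfile(archive):
        with tarfile.open(archive) as tf:  # also reads .tar.gz and .tar.bz2
            for member in tf:
                if member.isfile() and Path(member.name).name == "wp-config.php":
                    yield member.name, tf.extractfile(member).read()

def find_exposed_configs(root):
    """Return sorted (archive, member) pairs whose wp-config.php sets DB_PASSWORD."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            for member, data in config_members(path):
                if DB_PASSWORD.search(data):
                    hits.append((path.name, member))
    return sorted(hits)

def make_constructed_samples(root):
    """Write constructed demo archives (no real site data) under root."""
    config = b"<?php define('DB_PASSWORD', 'constructed-example');\n"
    with zipfile.ZipFile(Path(root, "site-backup.zip"), "w") as zf:
        zf.writestr("blog/wp-config.php", config)
    with zipfile.ZipFile(Path(root, "theme.zip"), "w") as zf:
        zf.writestr("theme/style.css", b"body {}\n")
    with tarfile.open(Path(root, "old-site.tar.gz"), "w:gz") as tf:
        info = tarfile.TarInfo("old/wp-config.php")
        info.size = len(config)
        tf.addfile(info, io.BytesIO(config))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        make_constructed_samples(demo)
        for archive, member in find_exposed_configs(demo):
            print(f"{archive}: {member} contains DB_PASSWORD")
```

Point `find_exposed_configs` at the directory your web server publishes; any archive it reports should be removed from there, and the database password in it rotated.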
Ah Google, the things you put us through.