Robots.txt is not a security measure

Sep 10 2008

I am increasingly coming across people who think robots.txt file can be used to prevent search engine crawlers from crawling sensitive data in their websites. Seriously.

This is just plain wrong. Data to be excluded using a robots.txt file is: unwanted, redundant or useless data. An entry in the robots.txt file cannot protect your sensitive data from going out. Sensitive data should not be left open in your website in the first place.

There are many malicious crawlers which crawl only the pages blocked by the robot.txt file in every website. I bet many interesting stuff will turn up in their search results.

4 responses so far

Anish K.S says:

September 11, 2008 at 7:14 am

Nice Post

Reply
Niyaz PK says:

September 11, 2008 at 11:53 am

Thanks Anish

Reply
Yogesh says:

March 13, 2009 at 5:38 pm

How?
How a crawler can bypass robots.txt

Reply
How can a crawler bypass robots.txt? | Diovo says:

March 16, 2009 at 2:34 pm

[...] I wrote that robots.txt will not prevent bad crawlers from accessing your private data, a reader wondered how a crawler can bypass [...]

Reply

Leave a Reply Cancel reply

Get updates by email
Recent Posts
Recent Comments
- Gion: Is it possible to have drop down menu on the main menu bar?
- sreekantan05: In the same way for 4n+3, I suppose it would reach some stage where we will have to prove that number X...
- sreekantan05: Good try. Started with 4n+3… what all were ur approches for this which failed?
- Bhagwad Jal Park: Very nicely thought out. But when we say that all odd numbers can be represented as 4n+1 or 4n+3,...
- Sherree Curtis: I just started using this theme on a website and I love it. Except I can’t seem to get the logo...
Categories
- Bugs/Issues (10)
- Design (18)
- Games (1)
- General (57)
- Google (8)
- Internet (36)
- Math (5)
- Microsoft (8)
- Programming (32)
- Review (3)
- Security (19)
- Startup (9)
- Tips (5)
Translator