views:

124

answers:

2

I have an online application that all of its pages use HTTPS. I have 3 questions:

  1. Does Google index HTTPS pages?

  2. I have a password protected single ASP.NET page (using HTTPS). Password protection is basically achieved by a Session object. When the correct password is entered, it hides the login panel and displays the same page which has a sensitive data. Is this page indexed by Google?

  3. I have a Secure folder that I implemented Forms Authentication. All pages in folder use HTTPS as well. Are the pages in this folder indexed by Google?

Thank you for your help,

Niyazi

A: 

I have a partial answer for you:

1) Yes Google can index HTTPS pages

2) Not sure about this but you could always put it in a robots.txt file to make sure it is not indexed.

3) if its behind forms authentication then google should not bea ble to index it

bechbd
+1  A: 

If the pages are password protected, and you've implemented that correctly, there's no way the Googlebot would be able to access them. As with any other web client, they'd still need the password, and Googlebot, as far as I know, doesn't make any attempts at authorization.

Also, to be clear, HTTPS provides encryption, not authentication. This means that the data is encrypted between your server and the client, which ensures that nobody can catch the data midstream and view or modify it. However, unless you protect access to that data with an authentication mechanism, anyone can still look at it.

Daniel Schaffer
Hi Daniel. Thank you for your reply. I have 2 different types of password protected pages. First type is the pages in a folder which is embraced by Forms Authentication. Second type is kind of different. When you hit the page, it asks a password. If password is correct, code hides the DIV asking password and shows another DIV that displays sensitive data. Are both secure enough not to be indexed? Thanks again.
ncakmak
The first is, the second is not by any means - and that goes for everyone, not just search engine bots. The second one would never actually be password protected because the div with sensitive data can be viewed by anyone who knows how to do "view source".
Daniel Schaffer
Let's say the page in the 2nd case is Test.aspx. It has 2 DIVs in it. Both DIVs have runat=server with IDs, say divPswd and divData. By default divPswd.Visible == true and divData.Visible == false. Test.aspx doesn't use CSS to hide and show DIVs, uses Visible property from .NET framework. When the user enters the password in divPswd correctly, button event sets divPswd.Visible == false and divData.Visible == true, page link still says "Test.aspx", and displays the data in divData. Is the data in divData still indexable by search engines in this case?
ncakmak
Then no, it shouldn't be indexed as long as it isn't getting rendered in any form to the page before authentication.The practice is still pretty smelly though, but that's for another conversation.
Daniel Schaffer
Thank you Daniel. Page also uses Session variable to make sure that button event is clicked to check Password entry.
ncakmak