tags:

views:

124

answers:

2
+1  Q: 

Does Google index HTTPS ASP.NET pages?

I have an online application that all of its pages use HTTPS. I have 3 questions:

  1. Does Google index HTTPS pages?

  2. I have a password protected single ASP.NET page (using HTTPS). Password protection is basically achieved by a Session object. When the correct password is entered, it hides the login panel and displays the same page which has a sensitive data. Is this page indexed by Google?

  3. I have a Secure folder that I implemented Forms Authentication. All pages in folder use HTTPS as well. Are the pages in this folder indexed by Google?

Thank you for your help,

Niyazi

A: 

I have a partial answer for you:

1) Yes Google can index HTTPS pages

2) Not sure about this but you could always put it in a robots.txt file to make sure it is not indexed.

3) if its behind forms authentication then google should not bea ble to index it

bechbd  2010-04-23 17:20:20
+1  A: 

If the pages are password protected, and you've implemented that correctly, there's no way the Googlebot would be able to access them. As with any other web client, they'd still need the password, and Googlebot, as far as I know, doesn't make any attempts at authorization.

Also, to be clear, HTTPS provides encryption, not authentication. This means that the data is encrypted between your server and the client, which ensures that nobody can catch the data midstream and view or modify it. However, unless you protect access to that data with an authentication mechanism, anyone can still look at it.

Daniel Schaffer  2010-04-23 17:22:30
Hi Daniel. Thank you for your reply. I have 2 different types of password protected pages. First type is the pages in a folder which is embraced by Forms Authentication. Second type is kind of different. When you hit the page, it asks a password. If password is correct, code hides the DIV asking password and shows another DIV that displays sensitive data. Are both secure enough not to be indexed? Thanks again.
ncakmak  2010-04-23 17:33:51
The first is, the second is not by any means - and that goes for everyone, not just search engine bots. The second one would never actually be password protected because the div with sensitive data can be viewed by anyone who knows how to do "view source".
Daniel Schaffer  2010-04-23 19:43:27
Let's say the page in the 2nd case is Test.aspx. It has 2 DIVs in it. Both DIVs have runat=server with IDs, say divPswd and divData. By default divPswd.Visible == true and divData.Visible == false. Test.aspx doesn't use CSS to hide and show DIVs, uses Visible property from .NET framework. When the user enters the password in divPswd correctly, button event sets divPswd.Visible == false and divData.Visible == true, page link still says "Test.aspx", and displays the data in divData. Is the data in divData still indexable by search engines in this case?
ncakmak  2010-04-23 20:44:30
Then no, it shouldn't be indexed as long as it isn't getting rendered in any form to the page before authentication.The practice is still pretty smelly though, but that's for another conversation.
Daniel Schaffer  2010-04-23 23:34:29
Thank you Daniel. Page also uses Session variable to make sure that button event is clicked to check Password entry.
ncakmak  2010-04-24 01:01:53

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps