Paranoia
I know I said I wouldn't likely discuss my next project here anymore, but...
Over the past few days I've been setting up my link portal. I've been working out the templating system and found I can do what I want to pretty straightforwardly. I set this stuff up locally first, of course.
As of this morning, approx. 2 AM, I had a look that paralleled P6 and the reBlog, my other ongoing experiment.
Today I decided to pretty much take the day off. Went to visit my daughter. Went to show her what I was doing. Found the link portal had been reconfigured.
Fortunately I was just playing, and fortunately I still have the changes I made locally to the templates. In fact, I'm even further along than the site on the server. And it's basically my fault; it looks like the setup script was run again because it had been changed from a single language to a multi-language configuration. You're just not supposed to leave setup scripts laying around your site, but I was SERIOUSLY not looking to go public for a while.
On the other hand, I know from experience if you leave anything at all on a server, Google will find it unless you specifically tell it not to. And it only works because Google is being nice…it's easier to write a spider that ignores robots.txt than one that obeys it.
This is the most typical sort of security lapse—sloppiness due to assuming no one is interested. And I'm not totally discounting the possibility I did something stupid because it was late and I was tired. I don't know for sure how nuts to get about this.
Well, the whole directory tree the portal lived in is gone, as is the database, and user account the scripts used. And I'll be thinking in terms of tightening up security and recovery capability around here.
