Warning: this coffee may be hot


I found this article about Google's new "code search" tool rather amusing. In a manner that reminds me of the fabled warning that gets printed on some coffee cups, helpfully advising consumers that the coffee they have just bought might be hot ('hmm, great, that's what I thought I'd paid for'), this article helpfully advises us that the new search tool might be used by 'hackers' to find flawed code or proprietary code on the interweb.

It points out that "[Google code search] peeks into the actual lines of code whenever it finds source-code files on the Internet". Well, good. A search engine is meant to seek out documents on the internet and peek into those documents to properly index them. Imagine a search engine that never peeked inside documents. Every search would have to either return no documents, all documents, a random list of documents or those documents where the search terms appear in the title.

It goes on to say "Attackers could also search code for vulnerabilities in password mechanisms". Frankly, anyone that posts the source code for their password mechanism on a publicly accessible web site probably deserves to be attacked.

Then it says "or to search for phrases within software such as "this file contains proprietary," possibly unearthing source code that should never have been posted to the Internet".  True, but conversely it could be useful for holders of copyright source code to search the web to make sure that one of their employees or a third party hasn't inadvertently or maliciously posted some vital piece of source code to the web.

Anyway, I'm off to put the kettle on. I'll be sure to make sure my coffee is cold before drinking it.

Doug

Comments (2)

  1. Guruparan says:

    Yes its true, So, i wont never ever put my code online…(but for sure, i will upload the codes & demo applications) to the sites like codeproject.com, gotdotnet.com etc!…

    I do Hate google!

    But i really Love LIVE!

  2. I just realized that my last post is 20 days old… I spent this time working on support calls I own

Skip to main content