Hi,
I'm not understanding this... so there are hidden links to /admin if
you're logged in, but how does Google see those pages? I mean,
shouldn't they crawl as a normal not-logged-in user, and so they should
not be able to see those hidden links?
Thanks.
/sh
Scott Laird wrote:
> The main reason behind this is that there are hidden links to the admin
> edit pages all over the place, so logged-in users can use the one-click
> editing feature. Strictly speaking, this isn't a security issue, but
> it'd be best to keep Google from crawling /admin, even if there's
> really nothing there for them to see.
--
Shawn Liu / Iridesco, Inc. / 212.226.4160 / 212.226.4161 fax
From shawn at iridesco.com Thu Jul 28 10:54:57 2005
From: shawn at iridesco.com (Shawn Liu)
Date: Thu Jul 28 10:49:10 2005
Subject: [typo] typo admin shows up on google.
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Sorry, I should of checked the source code before writing the email.
So here's the hidden HTML,
<div class="post" onmouseover="if (getCookie('is_admin') == 'yes') {
Element.show('admin_article'); }"
onmouseout="Element.hide('admin_article');" >
<a class="admintools" href="/admin/content/edit/80"
id="admin_article" style="display: none">edit</a>
----
I think it'd be better if we can just check the session variable in the
Rails code and have the logic there, as opposed to changing the style on
client side. Or is there a compelling reason for doing it this way?
Thanks.
/sh
--
Shawn Liu / Iridesco, Inc. / 212.226.4160 / 212.226.4161 fax
From scott at sigkill.org Thu Jul 28 11:02:58 2005
From: scott at sigkill.org (Scott Laird)
Date: Thu Jul 28 10:57:24 2005
Subject: [typo] typo admin shows up on google.
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
On Jul 28, 2005, at 7:54 AM, Shawn Liu wrote:
> Sorry, I should of checked the source code before writing the email.
>
> So here's the hidden HTML,
>
> <div class="post" onmouseover="if (getCookie('is_admin') == 'yes')
> { Element.show('admin_article'); }" onmouseout="Element.hide
> ('admin_article');" >
> <a class="admintools" href="/admin/content/edit/80"
> id="admin_article" style="display: none">edit</a>
>
> ----
>
> I think it'd be better if we can just check the session variable in
> the Rails code and have the logic there, as opposed to changing the
> style on client side. Or is there a compelling reason for doing it
> this way?
We used to do it on the server side, but we couldn't cache it then.
As it is now, everyone sees the exact same HTML page, so we can cache
it on-disk and have Apache serve it for us without Rails ever seeing
the hit; that gives us a 100x speedup.
Scott
From chris at codeintensity.com Thu Jul 28 11:24:59 2005
From: chris at codeintensity.com (Christopher Bailey)
Date: Thu Jul 28 11:19:57 2005
Subject: [typo] Need help upgrading
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
I was doing that actually, just didn't specify that in my email.
On 7/27/05 8:39 PM, "Kevin Ballard" <[EMAIL PROTECTED]> wrote:
> In a production environment, you want to do `rake migrate
> RAILS_ENV=production`. Without that, you're migrating the development
> environment, which isn't very useful.
>
> On Jul 27, 2005, at 5:52 PM, Christopher Bailey wrote:
>
>> I then tried to do "rake migrate". Is that
>> the correct way to do it? Is there a web page explaining how to do
>> upgrades?
