[ic] "SOLVED" RE: search problem on any table

Peter peter at pajamian.dhs.org
Wed Oct 5 00:41:16 UTC 2011


On 05/10/11 12:10, IC Support wrote:
> Just to follow up, I did end up figuring out I needed to add the NoSearch
> directive to my search pages.
> 
> [calc]
> 	    $CGI->{mv_todo} = 'search';
> 	    $Config->{NoSearch} = '';
> [/calc]

This is not a good idea, I (or someone with worse intentions than me)
can now create a specially crafted search query to get data out of your
userdb, transactions, orderline, access, tables and more.  You should
specify the NoSearch directive once in your catalog.cfg and list every
table that you do not anticipate a search running on, or better yet
upgrade to a more recent version of IC that has much better limitations
on search to prevent this.


Peter


