Neil Turner's Blog

Blogging about technology and randomness since 2002

Keeping private blogs private

There’s a couple of blogs I have in this installation that I want to keep out of the public eye. One was for a computing project and had ‘confidential’ information in it – or rather, information that was confidential until a few weeks back and can probably now be deleted as it’s no longer needed – and the other is a test blog which includes all manner of randomness that I’d rather the likes of Google didn’t pick up on.

These two use unpublicised URLs and are password-protected so that prying eyes can’t get into them, but if a user performs a search using MT’s search engine then it’s possible that entries from these blogs could appear in the results. The user wouldn’t be able to see the entries in full but would be able to see the title and excerpt. If you happen to have a private journal in the same installation as your public weblog and have a post called ‘I hate my boss’, then if your boss finds it he’s not going to be pleased, even if he can’t see it in full.
Thankfully, a little configuration can solve this. Open up your mt.cfg file and find the line “# ExcludeBlogs …” . Remove the # to uncomment it and add the BlogIDs of the blogs you want to exclude from global searches. You can find out the ID of each blog by looking for the “&blog_id=x” parameter in your browser’s address bar while editing that blog.
Now, that change will stop people accidently finding the entries, but if someone knows the BlogID then they can still add it as a parameter for the search and search that blog. So say my test blog has an ID of 47 (it doesn’t), then a request to mt-search.cgi?search=java&IncludeBlogs=47 would still allow the user to search that blog. Thankfully that’s also stoppable by uncommenting the line “# NoOverride …” (at the very bottom) and ensuring that IncludeBlogs is mentioned, which it is by default. This means that the user cannot specify blogs to search, which means if global searches have been prohibited for a particular blog as above, then there would be no way of searching it. This does, however, mean that you will no longer be able to search specific blogs – any searches will search all blogs on that MT installation.
Since I don’t have anything hugely confidential on here (if it was that confidential I wouldn’t put it on the internet), I decided to only implement the first part and not the second, but you may wish to have that extra level of security if you feel it is important.
incidentally, none of this appears to be in the MT documentation, although there is some inline documentation in the mt.cfg file. This is probably because MT’s search functionality is based on MT-Search, a script that Jay Allen (of MT-Blacklist fame) put together a couple of years ago, rather than it being developed as part of the product. While this isn’t a slight against Jay, the search functionality still comes across as being a bit of a hack, due to its non-standard templating and configuration (compared to the rest of the MT interface). Timothy Appnel has a new search tool that will come in the MT3.1 plugin pack – it was one of the second prize winners in the plugin contest – so it will be interesting to see if and how this improves on the existing search functionality.

One Comment

  1. Woah thanks for the warning!