Slackervaara
Newbie


Joined: Nov 03, 2007
Posts: 127
Posted: Tue Mar 18, 2008 2:08 am

I think I have read somewhere that Shortlinks enhance the security of a site and I would be grateful if I could get it confirmed and explained.

Last edited by Slackervaara on Tue Mar 18, 2008 4:22 am; edited 1 time in total

Guardian
Site Admin


Joined: Jul 18, 2005
Posts: 375
Posted: Tue Mar 18, 2008 4:19 am

I guess that in a roundabout way it might be possible.
For example, someone might be conducting a cross-site scripting attack on a specific file but because some of the characters within that URL are re-written, they might end up with a 404 error as their 'target' file doesn't exist (it has been re-written).
Obviously, that is only theoretical and most exploits are aimed at admin functions which are not re-written.

montego
Site Admin/Owner


Joined: Feb 12, 2005
Posts: 1282
Posted: Tue Mar 18, 2008 6:35 am

Well, you certainly would not have read it from me as I never even considered it before.
I suppose it is possible if only for the most novice hackers who could use search engines to find certain exploits. There are web sites out there (I will not divulge them) that collect search engine query strings for known exploits so hackers can find the "easy prey". However, all it takes is for these sites to also collect the shortened link equivalents and that benefit evaporates.
But, that is only those trying to find your site with search engines and specific exploits that you might have such as any add-ons with security holes in them. So, I guess, to some degree I agree with the statement.
Now for the other end of the coin. If a hacker has already targeted your site, then this does not matter. The reason is that both the shortened link as well as the full original link will work just the same (for the standard link, however, hackers could also try to inject additional variables for which only a full URL will work for them). So, if they can find the hole, it doesn't matter whether you have ShortLinks or not.
Hope this helps.
Edited: I added a parenthetical remark in the second to the last sentence in the fourth paragraph.
_________________ “To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins