Dave Shea shows how small pieces of information about your site can be unintentionally sent to other servers over which you have no control. Referers, for example, contain a link to your site, which may be published on other sites and indexed by Google, even if your site is behind a password.
We've run into this before, so we know it's a little scary to see public information about a section of your site you consider private. Dave's now using a redirect to hide links to specific pages:
By creating a generic redirect.php in a public-facing directory, and parsing each and every single link in the protected directory to bounce through the redirect first, and then on to the destination, the referral will appear to come from that script. We can't mask that it's coming from the domain completely, but we can prevent the directory structure of our internal weblogs from being exposed. This is good enough in our case.
We can't argue with good enough, but, as far as we can tell, it is possible, in the referer, at least, to "prevent the directory structure of internal weblogs from being exposed" by simply spoofing the referer field. Our Pingback client, for example, generates a referer to the relevant linking document, not the script sending the ping.
All this is really immaterial since Dave, like us after our run-in with the same problem, is at least thinking about controlling the dissemination of information on protected areas of his sites. It's a tedious and frustrating task worth the trouble.
On Selling Out
We've recently been accepted into the Google AdSense program and may begin serving ads on archive pages this week. It's an experiment we'll monitor closely for effectiveness. It'll be a glorious day when this site pays for itself or -- gasp! -- turns a (meager) profit, but those ads are damn ugly, so, you know, we'll see.