Thoughts on Google Code Search…
There's been a large buzz about Google's code search and at first I was amazed! Anxious! ...and all that good stuff. However, the more I looked at it the more I realized how many security issues it must cause. I did a quick search for things like "password" or "db_password" and tried to see if it would spit out passwords. It seemed to return results with passwords encrypted...was this done in the code? Or by Google? I'm not sure.
Possible Security Issues?
I was also alerted to possible security vulnerabilities with various software I use in relation to Google's code search. So someone must be using it for something malicious.
I don't know if one could steal someone's password, or if they couldn't now. However, I certainly think encoding your source code will become a more popular thing. Zend, Source Guardian, IonCube are among just a few wonderful ways to protect your code. I personally use IonCube and LOVE it.
Hurting Open Source?
My feeling is that the point of Google's code search is to promote open source software...But I think if people fear their sensitive data being stolen, or if there is ANY sort of wide scale security breach caused by Google code search, then people are going to turn to encrypting their code. This ultimately will hurt open source efforts...So could Google code search defeat the entire purpose of open source?
I mean, one could simply encode just the files that contain sensitive data (or use various programming methods to be more careful and to encrypt just their passwords and usernames which are even natively available in languages like PHP) but how many people are going to take that chance? I think this is good for companies like Zend and IonCube, etc. I think this is potentially bad for the open source community.
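A pre-publication check in the spirit of the point above, as an added example that is not from the original post: it scans PHP source for credential-named variables or constants assigned a quoted literal, so they can be moved out of the code before it is published and indexed. The name list, the patterns and the sample source are assumptions constructed for illustration.

```python
import re

# Names like the ones searched for in the post ("password", "db_password"),
# plus a few close variants (an assumed list, extend to taste).
SECRET_NAME = re.compile(r"(pass(word|wd)?|secret|api_?key)", re.I)

# PHP forms that bind a quoted literal:  $x = '...';   define('X', '...')
ASSIGN = re.compile(r"""\$(?P<name>\w+)\s*=\s*(?P<q>['"])(?P<val>.*?)(?P=q)\s*;""")
DEFINE = re.compile(
    r"""define\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<q>['"])(?P<val>.*?)(?P=q)\s*\)""")

# bcrypt, or a bare 32/40/64-digit hex string (MD5/SHA-1/SHA-256 sized).
HASH_LIKE = re.compile(
    r"^(\$2[aby]\$\d\d\$.{53}|[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)

def classify(value):
    """Label a literal as empty, hash-like, or plaintext."""
    if value == "":
        return "empty"
    return "hash-like" if HASH_LIKE.match(value) else "plaintext"

def scan(source):
    """Return (line number, name, kind) for each credential literal found.

    Comment lines are scanned too: a commented-out password is still
    published along with the rest of the file.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for pattern in (ASSIGN, DEFINE):
            for m in pattern.finditer(line):
                if not SECRET_NAME.search(m.group("name")):
                    continue
                kind = classify(m.group("val"))
                if kind != "empty":
                    findings.append((lineno, m.group("name"), kind))
    return findings

# Constructed sample config file; every value here is made up.
SAMPLE = """<?php
$db_host = 'localhost';
$db_user = 'blog';
$db_password = 'hunter2-constructed';
$admin_pass = '5f4dcc3b5aa765d61d8327deb882cf99';
define('API_KEY', 'constructed-key-123');
$smtp_password = getenv('SMTP_PASSWORD');
// $old_password = 'left-in-a-comment';
$db_passwd = '';
"""

if __name__ == "__main__":
    for lineno, name, kind in scan(SAMPLE):
        print(f"line {lineno}: {name} holds a {kind} literal")
```

The `getenv()` line is not reported because the value is read at run time rather than stored in the file; hash-like values are still reported, since a published hash remains sensitive.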
Usefulness of Google code search?
Generally speaking, a programmer doesn't need Google code search...they can find software that does something that they like and step into that community of developers for help. There are many many many large and friendly communities of programmers out there that can very often provide help. Aside from the fact that almost every piece of open source software out there has been forked a million times, finding code is already fairly easy in my opinion. I may use Google code search in the future, but it probably won't be my first place to turn. www.php.net does a VERY good job for PHP with their user contribution under their manual.
Bottom Line
I think you really need to know exactly what you're looking for to use Google code search effectively...and sometimes we don't always know exactly what we need...likewise I don't think we know exactly what we're going to get with Google code search. Good, bad, or indifferent.