Is there a good reason to hide the search box from users who aren't logged in?

By default it is hidden, but I'd like to enable the permission for anonymous users. However I'm wondering if there is a good reason for defaulting it to hidden? Security?

There are lots of posts about how to enable it, but nothing seems to mention the reason for it not being enabled by default.

Comments

tryitonce’s picture

... good question .... like to hear the answers as well.
Speculating ....

  • Early days - when sites are just starting - they usually have very limited content and searches might not be important.
  • Security - well, if a sites has most of its content directed at registered users then the "front end" of the site might be so limited, that a search is hardly required.
  • Strategy - to get people to register you offer them püerks for signing in - like "search" ...

What will be the "right" answer? .....

dman’s picture

Yeah, an OK question.

Standard 'safe' best-practices should start from a position of "restrict access, then open as needed"
Instead of the opposite.

If we set up a secure public server, everything is locked down.
Then we say "of course we want port 80 open"
And then ssh ... though maybe we should restrict that to authorized IPs .. etc
And that machine should not be able to access the web..
... unless we have good reason to do so, like pulling updates from drupal.org, debian OS mirrors, and maybe nominated aggregator sources etc.

All of this is a little annoying for folk who work from an insecure home connection fulltime, but it leads to better understanding of security.

Now,

This sort of thinking carries over to security-conscious system design.
It's best that installing/enabling an innocuous module does NOT inadvertently expose things you thought were hidden.

There are plenty of folk that think that things they put on the web are not available because they never linked to them. Hopefully you will understand that that is not true.
A huge number of the CMS security issues are about data that we would assume was hidden (possibly through neglect) unexpectedly being exposed. Most of the Drupal security alerts on second-party modules is about them not checking the 'published' status or 'view access' on content when enabled.

Anyway. TL;DR is:
You should CHOOSE to click the button that makes all your content searchable and available to the world by anonymous users.

Though this means an extra step for you during setup, it's the opportunity to stop and think.

This can be a discussion, and you can disagree with this "secure by design" approach, but this is the baseline expectation to start from. People complaining that data they thought was private being searchable would outweigh complaints about the reverse.

MiniEggs’s picture

Understood. But I'm still wondering if enabling search for anonymous users will open up the site for any kind of hurt, such as DDOS attacks or something.

For my particluar site there shouldn't be any specific privacy issues with content etc.. So i'm just wondering if there are any issues that i haven't thought of - or simply don't know about at all.

tryitonce’s picture

... no, there should be no risk.
It is more of a general idea of starting with the minimum and then you expand what privileges you want to grant users.
If you are happy that users do not register - just enable search for anonymous.
Other sites, where you want people to register may use this option as one of various carrots to make people sign up ......