Closed (works as designed)
Project:
Drupal core
Version:
6.15
Component:
search.module
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
1 Dec 2009 at 14:05 UTC
Updated:
19 Jan 2010 at 03:18 UTC
Example: a block is created with title "Test1" and its "Role specific visibility settings" are set to Authenticated users only.
Content is created with title Example1 and assigned to block Test1.
If an anonymous user enters the site, he is not able to access page Example1 as it is not showing.
However, if he does a search for Example1, this page shows in the results and the anonymous user is able to read it.
Is this normal behaviour?
Thank you
Comments
Comment #1
grendzy commented: Speaking broadly, no, the search module should never expose private data.
Your post seems to confuse the concept of blocks and nodes, though. Can you provide more detail?
Comment #2
Lars Vandergraaf commented: I am a newbie and I understood perfectly what the original poster wrote. Create content that should only be seen by an authenticated user, put that specific http:/blah.blah.org (i.e. financial statements) into the block body. Great, that works: only the permitted roles see it from the web site view. Now give the anonymous user permission to use Search; if they search on "financial", the secure block content is found and is viewable.
Did this help?
I even created a new content type called financial_type but I do not know how to tell the block that this type should be tied to that block.
I am using OS: XP, Drupal 6.15 core, xampp.
Comment #3
grendzy commented: If you are putting private content into nodes then you must use an access control module. See http://drupal.org/node/270000
Setting the role visibility for a specific block only affects the block itself; it doesn't protect any underlying nodes that may be displayed there. (You didn't explain how the node content is added to a block, but this would be true with Views or any other method.)
Without proper access control, your private data will not only be visible in search results, but also in /rss.xml, and also via a dictionary attack if someone starts requesting all nodes in sequence (node/1, node/2, node/3, etc.).
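As an added illustration of the node access control that comment #3 is pointing at (this is example code written for this page, not Drupal core, the linked handbook page, or any contrib module), the following minimal Drupal 6 module grants view access on nodes of one content type only to authenticated roles. The module name `privaterole`, the realm name, and the content type `financial_type` (borrowed from comment #2) are assumptions; the hooks themselves, `hook_node_access_records()` and `hook_node_grants()`, are the Drupal 6 node access API. Because search results, /rss.xml and node/N pages all consult the `node_access` table (via `db_rewrite_sql()` and `node_access()`), grants recorded this way close all three exposures at once, which block visibility never does.

```php
<?php
// privaterole.module (added example; assumes an accompanying privaterole.info
// with "core = 6.x"). Assumption: a content type 'financial_type' whose nodes
// only logged-in users may view.

define('PRIVATEROLE_REALM', 'privaterole');
define('PRIVATEROLE_TYPE', 'financial_type');

/**
 * Implementation of hook_node_access_records().
 *
 * Called when a node is saved and when permissions are rebuilt. Each record
 * returned is written to the node_access table; a node with at least one
 * record is visible only to users whose grants (below) match one of them.
 * Returning nothing for other types lets core write its default
 * realm "all" / gid 0 record, so those nodes stay public.
 */
function privaterole_node_access_records($node) {
  if ($node->type != PRIVATEROLE_TYPE) {
    return;
  }
  $grants = array();
  // user_roles(TRUE) returns rid => name for member roles only, i.e. it
  // excludes the anonymous role (rid 1), so no record is ever written for it.
  foreach (user_roles(TRUE) as $rid => $name) {
    $grants[] = array(
      'realm' => PRIVATEROLE_REALM,
      'gid' => $rid,          // one grant id per role
      'grant_view' => 1,
      'grant_update' => 0,    // editing stays governed by node permissions
      'grant_delete' => 0,
      'priority' => 0,
    );
  }
  return $grants;
}

/**
 * Implementation of hook_node_grants().
 *
 * Called on every access check (node_access(), db_rewrite_sql() in search,
 * the RSS feed, Views, ...). It maps the current account to the grant ids it
 * holds in our realm: simply the ids of the roles it has. An anonymous
 * account holds only rid 1, for which no record exists, so it is denied.
 */
function privaterole_node_grants($account, $op) {
  if ($op == 'view') {
    return array(PRIVATEROLE_REALM => array_keys($account->roles));
  }
  return array();
}

/**
 * Implementation of hook_enable() (belongs in privaterole.install).
 *
 * Existing nodes have no records yet, so flag the node_access table as stale;
 * Drupal then shows the administrator a link to "Rebuild permissions".
 */
function privaterole_enable() {
  node_access_needs_rebuild(TRUE);
}
```

After enabling the module, rebuild permissions (Administer > Content management > Post settings > Rebuild permissions, or `node_access_rebuild()` from code), then repeat the reporter's test as an anonymous user: the `financial_type` node should now be absent from search results and from /rss.xml, and a direct request to its node/N path should return 403 rather than the page. If a second access module is enabled later, remember that Drupal grants access when *any* module's record matches, so every module that writes records for these nodes must be equally strict.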
Comment #4
Lars Vandergraaf commented: Thanks!!! So I created a taxonomy keyword that I related to all node types that I use. I then set this keyword to all roles that I want to give access or not to give access to by using the A-I-D thingie. My testing showed that it worked.
I really don't understand why anyone would use permissions on nodes.
Thanks again...
PS. The original documentation on taxonomy and taxonomy permissions is probably very easy to understand for the theory guys. Sadly, I am not one of those people. Examples in the documentation would go a long way for us numbskulls.