Ask The Trades - website directories

Welcome, Guest. Please Login or Register

	May 18^th, 2024, 3:04pm
View recently thanked users View top thanked users

Quote: Never look down on anybody unless you're helping him up - Jesse Jackson

Ask The Trades › DIY Forum › Alarms, Phones, Aerials, CCTV & Datacomms › website directories

(Moderator: Lectrician) - (Moderator Group: Board Moderator)

< Previous Topic | Next Topic >

Pages: 1

website directories (Read 2938 times)

Lectrician

Administrator
Trade Member
Author

Offline

Ask The Trades
Posts: 8814

Total Thanks: 109
For This Post: 0

Braunton, North Devon
United Kingdom
Gender: male

Trade: Electrician

website directories
Nov 7^th, 2005, 5:14pm

If I had a site with a directory inside the root....

www.myurl.co.uk/directory

with a index.html file in this dir, this index.html would open automatically.

with no index.html, some browsers combinded with some servers would display the contents of the dir as a file list.

If you didn't know what the directory was called, could you still gain access to it??

I think what I am asking is, is there a way to list what files are on a server from the url?? what about files placed in the root of my site? Can they be accessed if you don't know the name??

I am looking at protecting a directory with the use of .htaccess files, so only my employees can access reference material online. I was just thinking that if the directory name was a garble of letters, could anyone figure out what the directory name was, and gain access to the files within??

« Last Edit: Nov 7^th, 2005, 5:15pm by Lectrician »

Need to post a picture? Click HERE for info!

IP Logged

HandyJon

GDPR opt-out

Total Thanks: 109
For This Post: 0

Re: website directories
Reply #1 - Nov 9^th, 2005, 10:58pm

If the directory has a index.html (or similar) file and the server has been configured to serve it whenever the directory is referenced via the URL then a sub directory cannot be used unless you know the name of it. So, yes, if you used a obscure encrypted name for the sub directory then it's pretty secure from prying eyes. By using the .htaccess rules it should be secure from accidental access too. If the root contains the index.html file then you need to access the URL directly to gain access to it. Many membership only sites use this rule, though the moment someone publishes the obscure name, it's not secure so they regularly change the names.

IP Logged

CWatters Super Member Offline "Daddy fick it" says James Posts: 5150 Total Thanks: 58 For This Post: 0 Gender:	Re: website directories Reply #2 - Nov 11^th, 2005, 3:51pm Just make sure you don't put any images in the directory that appear on the Index page. If you do that someone could look at the source code to find the directory name.
Back to top	IP Logged

plugwash Administrator Offline I love YaBB 1G - SP1! Posts: 1383 Total Thanks: 0 For This Post: 0 Trade: Not Specified	Re: website directories Reply #3 - Nov 13^th, 2005, 1:29am using a secret url to keep stuff out of public view is a VERY bad idea. All it takes is one of your legitimate users to be using something like the google or alexa toolbars and that url can get into public indexes.
Back to top	IP Logged

Lectrician Administrator Trade Member Author Offline Ask The Trades Posts: 8814 Total Thanks: 109 For This Post: 0 Braunton, North Devon United Kingdom Gender: Trade: Electrician	Re: website directories Reply #4 - Nov 13^th, 2005, 9:15am So .htaccess and .htpasswd is the way to go.....either that or sessions?
Back to top	Need to post a picture? Click HERE for info! IP Logged

Pages: 1

(Moderator: Lectrician) - (Moderator Group: Board Moderator)

< Previous Topic | Next Topic >

Ask The Trades › DIY Forum › Alarms, Phones, Aerials, CCTV & Datacomms › website directories