SitePoint Sponsor

User Tag List

Results 1 to 15 of 15

Thread: http directory

  1. #1
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Arrow http directory

    if i got 1 of my http directory where i keep important things in to redirect to a html page i made CAN ANYBODY ACCESS/HACK THAT DIRECTORY?

  2. #2
    SitePoint Wizard Nikolas's Avatar
    Join Date
    Feb 2005
    Location
    Greece
    Posts
    1,221
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am not sure what you are talking about, but as this stuff going to be on a http directory, they will be accesible by others

  3. #3
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    im talking about accessing the folders http://www.domain.com/folder/

  4. #4
    SitePoint Wizard Nikolas's Avatar
    Join Date
    Feb 2005
    Location
    Greece
    Posts
    1,221
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes. It can be accessed. Maybe a .htaccess restriction will solve this problem

  5. #5
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Nikolas
    Yes. It can be accessed. Maybe a .htaccess restriction will solve this problem
    i dont have that type of access to restrict that

    ummmm what are the ways people can get in?

  6. #6
    SitePoint Wizard Nikolas's Avatar
    Join Date
    Feb 2005
    Location
    Greece
    Posts
    1,221
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wait a minute.

    If you mean to get your php code, it is impossible.

    If you mean getting a html file they can grab it by http://yoursite/folder/file.html

    If you have directory browsing allowed on your server this will be easier

  7. #7
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    they gotta know the file name? is that the only way?

  8. #8
    SitePoint Wizard Nikolas's Avatar
    Join Date
    Feb 2005
    Location
    Greece
    Posts
    1,221
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes. except if you have enabled the directory browsing in your site, so they must know the directory.

  9. #9
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    it is enabled....people can easily browse any other directory but the important directory i put a inde page in it and when you try going to the directory it goes there instead

  10. #10
    SitePoint Enthusiast louis11's Avatar
    Join Date
    Jul 2004
    Location
    United States of America
    Posts
    42
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    .htaccess should fix the problem. Also keep the index page, that might help out a bit. But htaccess will fix the problem as you can prevent directory listing, and even require authorization to view that specified directory.

  11. #11
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by louis11
    .htaccess should fix the problem. Also keep the index page, that might help out a bit. But htaccess will fix the problem as you can prevent directory listing, and even require authorization to view that specified directory.

    i understand all that...whats wrong with just the index page being there???

  12. #12
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,653
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Its what they call security through obscurity. The barrier to entry is simply someone not knowing the correct file name.

    If it is sensitive enough to be worried about it getting out, one should first consider weather or not it should be on the web in the first place. If it must be web accessible, put it behind a password protected direcory (using htaccess) at the very least. Still vulnerable as all the authentication is sent in the clear, but it will keep casual hackers out. If you can get an SSL certificate it becomes much more secure.

  13. #13
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    as i said before i dont have root access to do all that

    so guessing the file name is the only way in?

  14. #14
    Non-Member
    Join Date
    Sep 2005
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if you dont want some one to see what you got in that directory even if it is on the http server just RIGHT click on the folder and take off the right to list or access to it excepte administrator and you are done

  15. #15
    SitePoint Enthusiast
    Join Date
    Aug 2005
    Location
    i dont know
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by faxreport
    if you dont want some one to see what you got in that directory even if it is on the http server just RIGHT click on the folder and take off the right to list or access to it excepte administrator and you are done
    i know all that but im afraid i dont have access to do all that and my question is whats wrong with just putting a index page, how can someone get in


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •