• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1416
  • Last Modified:

How safe is a hidden directory on my website?

If I had a "CopyFile" directory on my website and made sure it had an index.html file, it would make it difficult for anyone to find the contents of that directory.  Right?

But would it be impossible?  How safe is that as a temporary repository for confidential, but NOT top secret, data that I want to transfer between websites without using FTP?

What do you think?

And what would someone have to do to find the contents?

thanks,
newbieweb
0
newbieweb
Asked:
newbieweb
  • 4
  • 4
  • 2
  • +3
3 Solutions
 
WikkardCommented:
Chances are that no one would be able to access the file, simply because they don't know the url. As long as the url is not linked from anywhere (which would give search engines a chance to find it) you should be ok.
But there is nothing stopping someone who knows the filename/url from downloading it.

"security through obscurity"
0
 
newbiewebAuthor Commented:
Do search engines have access?
0
 
newbiewebAuthor Commented:
thanks.  Crossed in the mail. Search engines only have it if it's poseted.  Thanks.

But, by me typing it into IE, don't they see it?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
thenoneCommented:
If you take permissions off of that folder then it will be really safe.
0
 
MikkkCommented:
Wich web server do you have?
0
 
thenoneCommented:
Deny read for that folder
0
 
newbiewebAuthor Commented:
But I want to use it to relay non-critical (but still private) files around the web.  Would I be able to read a private dir?
0
 
r-kCommented:
"Would I be able to read a private dir?"

Only if you gave the username and password to the person trying to download that file.

Rather than trying to "hide" the files, why not not place them in a password protected folder?
0
 
thenoneCommented:
ok then forget about the permissions. I would make the folder and it's content not link.
0
 
WikkardCommented:
You could setup password protection on a folder etc but since you only want to store the files there for a short period of time (while 'in transit') the chances of anyone else finding it are very slim.
If the information is critically sensitive you may want to reconsider moving it around on the unprotected internet anyway.
:-)
0
 
newbiewebAuthor Commented:
can I make a password protected folder from FileZilla?  Or must I do it through the ISP control panel?

thanks.
0
 
thenoneCommented:
Most likely through the isp control panel
0
 
ll_jaxnCommented:
GUYS...

The useraccount running the  HTTP SERVER is the user who is accessing the file!
The best way to handle this is with a php or cgi script that will prompt you for a password and then list the directory contents for you to choose from.

hidden only means the are not listed in folders unles you set the folder options to show hidden files. So to answer your question.  No security comes from it.

You will need to exclude the directory with the HTTP server setup.
There is usually a .htaccess file in each directory with directives for the server reguarding file control.
http://httpd.apache.org/docs/1.3/howto/htaccess.html

Also, bots will scan your server all the time.

Most will respect the .robots.txt file
# /robots.txt file for http://webcrawler.com/
# mail webmaster@webcrawler.com for constructive criticism

User-agent: webcrawler
Disallow:

User-agent: lycra
Disallow: /

User-agent: *
Disallow: /tmp
Disallow: /logs


0
 
ll_jaxnCommented:
One more thing:

tell your HTTP server not to provide directory listings if there is not an index file.

Just give the 404.htm file.....PAGE NOT FOUND
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 4
  • 4
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now