How safe is a hidden directory on my website?

If I had a "CopyFile" directory on my website and made sure it had an index.html file, it would make it difficult for anyone to find the contents of that directory.  Right?

But would it be impossible?  How safe is that as a temporary repository for confidential, but NOT top secret, data that I want to transfer between websites without using FTP?

What do you think?

And what would someone have to do to find the contents?

thanks,
newbieweb
newbiewebSr. Software EngineerAsked:
Who is Participating?
 
ll_jaxnCommented:
GUYS...

The useraccount running the  HTTP SERVER is the user who is accessing the file!
The best way to handle this is with a php or cgi script that will prompt you for a password and then list the directory contents for you to choose from.

hidden only means the are not listed in folders unles you set the folder options to show hidden files. So to answer your question.  No security comes from it.

You will need to exclude the directory with the HTTP server setup.
There is usually a .htaccess file in each directory with directives for the server reguarding file control.
http://httpd.apache.org/docs/1.3/howto/htaccess.html

Also, bots will scan your server all the time.

Most will respect the .robots.txt file
# /robots.txt file for http://webcrawler.com/
# mail webmaster@webcrawler.com for constructive criticism

User-agent: webcrawler
Disallow:

User-agent: lycra
Disallow: /

User-agent: *
Disallow: /tmp
Disallow: /logs


0
 
WikkardCommented:
Chances are that no one would be able to access the file, simply because they don't know the url. As long as the url is not linked from anywhere (which would give search engines a chance to find it) you should be ok.
But there is nothing stopping someone who knows the filename/url from downloading it.

"security through obscurity"
0
 
newbiewebSr. Software EngineerAuthor Commented:
Do search engines have access?
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
newbiewebSr. Software EngineerAuthor Commented:
thanks.  Crossed in the mail. Search engines only have it if it's poseted.  Thanks.

But, by me typing it into IE, don't they see it?
0
 
thenoneCommented:
If you take permissions off of that folder then it will be really safe.
0
 
MikkkCommented:
Wich web server do you have?
0
 
thenoneCommented:
Deny read for that folder
0
 
newbiewebSr. Software EngineerAuthor Commented:
But I want to use it to relay non-critical (but still private) files around the web.  Would I be able to read a private dir?
0
 
r-kCommented:
"Would I be able to read a private dir?"

Only if you gave the username and password to the person trying to download that file.

Rather than trying to "hide" the files, why not not place them in a password protected folder?
0
 
thenoneCommented:
ok then forget about the permissions. I would make the folder and it's content not link.
0
 
WikkardCommented:
You could setup password protection on a folder etc but since you only want to store the files there for a short period of time (while 'in transit') the chances of anyone else finding it are very slim.
If the information is critically sensitive you may want to reconsider moving it around on the unprotected internet anyway.
:-)
0
 
newbiewebSr. Software EngineerAuthor Commented:
can I make a password protected folder from FileZilla?  Or must I do it through the ISP control panel?

thanks.
0
 
thenoneCommented:
Most likely through the isp control panel
0
 
ll_jaxnCommented:
One more thing:

tell your HTTP server not to provide directory listings if there is not an index file.

Just give the 404.htm file.....PAGE NOT FOUND
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.