How easily can someone access my web directory or tree and/or hide folders

We want to have web galleries of children's portraits on our web site in a secure section. We are going to email the parents with the exact link to their own child's gallery. It will be an alfanumeric folder on the root directory of the site with no links from anywhere on the web site.

Can someone access my entire web directory and find folders that way?

I expect that a dedicated hacker can get into anything. I'm not worried about that. I am worried that a father/mother may everyone that it's easy to access all the images.

Everyone I know that is reasonably web/computer savy can't access the images without knowing the link.  I'm trying to determine how correct that is.  If you can comment, I'd appreciate it.

BTW, please do not tell me/post how to do it if you know, I just want to know the degree of expertise it takes.  We do not want to use passwords. Our trial with that was not good. We ned to have a customer click the link we email them and they're on their own chidl's gallery immediately.

Thanks, Doug
dax44Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cornelia YoderArtistCommented:
I suggest a simple solution ... make your index file (the default when someone goes to your domain) an html that shows whatever you want, but has no links in it.  That way no one can get from there to the rest of your files without knowing the file names.

Then anyone can access any file, but only if they know the exact url/file name to do so.
0
DxpertCommented:
Hey Doug,

Well if you ruled out password protection, I would say that the only people today that would be able to get to other folders containing pictures would be someone that really know what they are doing on the computer.

For example, if you have:

www.MyDomain.com/Gallery/Child1
www.MyDomain.com/Gallery/Child2
www.MyDomain.com/Gallery/Child3
www.MyDomain.com/Gallery/Child4
www.MyDomain.com/Gallery/Child5

And you go and open this link www.MyDomain.com/Gallery/Child1 with a software that scans the websites folders like GetRight (http://getright.com/whatisit.html - read 2nd feature) does, then the person will be able to get to the other folders and pictures.

If you are just worried about the average mom and dad (not me ;-D) that can barely get online, then I guess the most you can do is make the folder names very difficult to guess.. something like www.MyDomain.com/Gallery/FullNameOfTheChild or even create a folder with auto generated random numbers: www.MyDomain.com/Gallery/88568/FullNameOfTheChild

Hope I helped...

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dax44Author Commented:
OK, I should post what we had in mind to clarify:

www.northlight.ca/amy12349smith35/iframe.html
www.northlight.ca/645john52342jones/iframe.html
www.northlight.ca/9854william87362j/iframe.html
....

There would be absolutely no links anywhere on the site to these, you could only access by clicking the link in their email or typing in the exact link.  I realize that if they are in a sub folder such as Gallery, you could find/hack it easier.

I'm positive that out of a thousand kids, there will be a least a few that are far more computer savy than i am since the area is the home to a number of IT companies. Reasonably secure is my goal.

Thanks, Doug
0
DxpertCommented:

I think what you have should work pretty well, but if you want to bump it up a little more, then you could create different HTML file names for each folder. Maybe use the first (or second or a combination) half of the folder name-something like: www.northlight.ca/amy12349smith35/amy12349.html 

That's all I can think...
0
dax44Author Commented:
Great to confirm what we have been planning.  Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.