We help IT Professionals succeed at work.

How easily can someone access my web directory or tree and/or hide folders

dax44 asked
We want to have web galleries of children's portraits on our web site in a secure section. We are going to email the parents with the exact link to their own child's gallery. It will be an alfanumeric folder on the root directory of the site with no links from anywhere on the web site.

Can someone access my entire web directory and find folders that way?

I expect that a dedicated hacker can get into anything. I'm not worried about that. I am worried that a father/mother may everyone that it's easy to access all the images.

Everyone I know that is reasonably web/computer savy can't access the images without knowing the link.  I'm trying to determine how correct that is.  If you can comment, I'd appreciate it.

BTW, please do not tell me/post how to do it if you know, I just want to know the degree of expertise it takes.  We do not want to use passwords. Our trial with that was not good. We ned to have a customer click the link we email them and they're on their own chidl's gallery immediately.

Thanks, Doug
Watch Question

I suggest a simple solution ... make your index file (the default when someone goes to your domain) an html that shows whatever you want, but has no links in it.  That way no one can get from there to the rest of your files without knowing the file names.

Then anyone can access any file, but only if they know the exact url/file name to do so.
Hey Doug,

Well if you ruled out password protection, I would say that the only people today that would be able to get to other folders containing pictures would be someone that really know what they are doing on the computer.

For example, if you have:


And you go and open this link www.MyDomain.com/Gallery/Child1 with a software that scans the websites folders like GetRight (http://getright.com/whatisit.html - read 2nd feature) does, then the person will be able to get to the other folders and pictures.

If you are just worried about the average mom and dad (not me ;-D) that can barely get online, then I guess the most you can do is make the folder names very difficult to guess.. something like www.MyDomain.com/Gallery/FullNameOfTheChild or even create a folder with auto generated random numbers: www.MyDomain.com/Gallery/88568/FullNameOfTheChild

Hope I helped...


OK, I should post what we had in mind to clarify:


There would be absolutely no links anywhere on the site to these, you could only access by clicking the link in their email or typing in the exact link.  I realize that if they are in a sub folder such as Gallery, you could find/hack it easier.

I'm positive that out of a thousand kids, there will be a least a few that are far more computer savy than i am since the area is the home to a number of IT companies. Reasonably secure is my goal.

Thanks, Doug


I think what you have should work pretty well, but if you want to bump it up a little more, then you could create different HTML file names for each folder. Maybe use the first (or second or a combination) half of the folder name-something like: www.northlight.ca/amy12349smith35/amy12349.html 

That's all I can think...


Great to confirm what we have been planning.  Thanks.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.