How easily can someone access my web directory or tree and/or hide folders

Posted on 2008-01-24
Medium Priority
Last Modified: 2010-04-21
We want to have web galleries of children's portraits on our web site in a secure section. We are going to email the parents with the exact link to their own child's gallery. It will be an alfanumeric folder on the root directory of the site with no links from anywhere on the web site.

Can someone access my entire web directory and find folders that way?

I expect that a dedicated hacker can get into anything. I'm not worried about that. I am worried that a father/mother may everyone that it's easy to access all the images.

Everyone I know that is reasonably web/computer savy can't access the images without knowing the link.  I'm trying to determine how correct that is.  If you can comment, I'd appreciate it.

BTW, please do not tell me/post how to do it if you know, I just want to know the degree of expertise it takes.  We do not want to use passwords. Our trial with that was not good. We ned to have a customer click the link we email them and they're on their own chidl's gallery immediately.

Thanks, Doug
Question by:dax44
  • 2
  • 2
LVL 27

Assisted Solution

by:Cornelia Yoder
Cornelia Yoder earned 800 total points
ID: 20737286
I suggest a simple solution ... make your index file (the default when someone goes to your domain) an html that shows whatever you want, but has no links in it.  That way no one can get from there to the rest of your files without knowing the file names.

Then anyone can access any file, but only if they know the exact url/file name to do so.
LVL 10

Accepted Solution

Dxpert earned 1200 total points
ID: 20737345
Hey Doug,

Well if you ruled out password protection, I would say that the only people today that would be able to get to other folders containing pictures would be someone that really know what they are doing on the computer.

For example, if you have:


And you go and open this link www.MyDomain.com/Gallery/Child1 with a software that scans the websites folders like GetRight (http://getright.com/whatisit.html - read 2nd feature) does, then the person will be able to get to the other folders and pictures.

If you are just worried about the average mom and dad (not me ;-D) that can barely get online, then I guess the most you can do is make the folder names very difficult to guess.. something like www.MyDomain.com/Gallery/FullNameOfTheChild or even create a folder with auto generated random numbers: www.MyDomain.com/Gallery/88568/FullNameOfTheChild

Hope I helped...


Author Comment

ID: 20737619
OK, I should post what we had in mind to clarify:


There would be absolutely no links anywhere on the site to these, you could only access by clicking the link in their email or typing in the exact link.  I realize that if they are in a sub folder such as Gallery, you could find/hack it easier.

I'm positive that out of a thousand kids, there will be a least a few that are far more computer savy than i am since the area is the home to a number of IT companies. Reasonably secure is my goal.

Thanks, Doug
LVL 10

Expert Comment

ID: 20737878

I think what you have should work pretty well, but if you want to bump it up a little more, then you could create different HTML file names for each folder. Maybe use the first (or second or a combination) half of the folder name-something like: www.northlight.ca/amy12349smith35/amy12349.html 

That's all I can think...

Author Closing Comment

ID: 31424744
Great to confirm what we have been planning.  Thanks.

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Create a Windows 10 custom Image with custom task bar and custom start menu using XML for deployment.
In this tutorial viewers will learn how to position overlapping items using z-index in CSS. They will also learn the restrictions on the z-index property.  Create a new HTML document with an internal stylesheet.: Create a div in CSS and name it Red.…
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question