Reputation: 3018
Can someone know the files inside a directory from outside the server?
I have web application that will store some files inside a directory called items, and each item will have it's own directory.
The question is if the directory has an index.html page can anyone knows what the names of files might be ?
more explanation
http://www.mysite.com/items/item-734783HH/
inside item-734783HH there will be 2 files
-index.html
-secureFile.zip
The secureFile name will be hashed. Is there anyway to steal this file from the web ? that's my real concern
Also, I am using PHP for copying this file and give it to the user when the purchase is complete.
Upvotes: 0
Views: 71
Answers (1)
Reputation: 53617
short answer, but only "usually" true: no.
long version for the short version: if you have an index.html then going to http://www.mysite.com/items/item-734783HH/ will serve up http://www.mysite.com/items/item-734783HH/index.html instead. Users will not see a directory listing, so they either have to know those files already exist, or guess them.
actually true answer: only you can tell us. It depends on the server you're using in combination with PHP, and what you've told it to autoresolve to when someone hits a route that does not indicate a file but a directory. It also depends on whether you blacklist/whitelist files based on file patterns, like a "DENY FROM ALL" for files that start with ".", etc.
It's probably time to learn more about how your server works. The internet has a lot of good information on that.
Upvotes: 1
Related Questions
- Is it secure for PHP to access files above the document root?
- PHP - Security in accessing files outside of web root
- Password protected directory and files in PHP
- Protecting Secret Data from compromise
- How to let a user securely access files on the server
- PHP file security on webserver
- How to protect files from outside?
- How to protect all directory contents, but gain access to php script
- Prevent access to files outside a certain directory in PHP
- Folder security?