Haradzieniec

Reputation: 9338

Security: Is it a good practice to name folders on the server that are difficult to guess?

Security question: Is it a good practice to name folders on the server by names that are difficult to guess (8+ symbols, not a simple "admin" or "services")? I'm asking about folders that contain not just icons or .js files or .css files, but .php files, and that are protected by an .htaccess file (deny from all).

Upvotes: 1

Views: 166

Answers (3)

Dave Newton

Reputation: 160261

No. Security through obscurity isn't.

Plus it's really irritating for anybody using the machine via a shell, ftp, etc.

What would it protect against? Regardless of names, folder access should be handled by the machine's and/or network's normal security mechanisms. If they get past that, it doesn't matter what your artifacts are named–Ur PwNeD.

Upvotes: 9

Alex Howansky

Reputation: 53581

Good practice would be to keep your PHP files outside your web server's document root. E.g., if your doc root is /var/www, then you might have there just a single index.php file, and all that file does is launch your app:

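<?php
// index.php: the only PHP file inside the document root (/var/www)
set_include_path('/something/besides/var/www');
require_once 'foo.php'; // resolved through the include path, outside the doc root
require_once 'bar.php';
do_something();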

This way, your web server doesn't even know that the PHP files exist, and can't serve them even if you have an accidentally misconfigured .htaccess.

Upvotes: 3
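A way to audit the layout described in the answer above, as an added example that is not part of the original answer: it lists PHP files the web server could still serve directly and checks that the include directory really sits outside the document root. The function names, the front-controller argument, and treating only `*.php` as PHP code are assumptions.

```shell
#!/bin/sh
# Added example: check that application PHP code lives outside the doc root.
# Every path is supplied by the caller; nothing here is site-specific.

# Print the physical (symlink-resolved) path of a directory, or fail.
physical_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# Return 0 if directory $2 is the docroot $1 or lies beneath it.
# Resolved paths compared with a trailing slash avoid two mistakes:
# a symlinked include dir, and prefix confusion (/var/www vs /var/www2).
inside_docroot() {
    root=$(physical_dir "$1") || return 2
    dir=$(physical_dir "$2") || return 2
    case "$dir/" in
        "$root/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# List *.php files under docroot $1 other than the front controller $2
# (path relative to the docroot, e.g. index.php), one per line.
stray_php_files() {
    root=$(physical_dir "$1") || return 2
    find "$root" -type f -name '*.php' ! -path "$root/$2" | sort
}

# Return 0 only when the docroot $1 holds no PHP file besides the front
# controller $2 and the include dir $3 is outside the docroot.
audit_docroot() {
    status=0
    stray=$(stray_php_files "$1" "$2") || return 2
    if [ -n "$stray" ]; then
        echo "PHP files the web server could serve directly:"
        echo "$stray"
        status=1
    fi
    if inside_docroot "$1" "$3"; then
        echo "include directory $3 is inside the document root"
        status=1
    fi
    return $status
}
```

Run it as `audit_docroot /var/www index.php /something/besides/var/www`; a non-zero status means the layout still depends on .htaccess being configured correctly.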

Gazler

Reputation: 84180

This is security through obscurity. While there is no harm in doing it, it doesn't give anything in terms of security.

Upvotes: 2
