Re:
by "David Rapp" <David(at)rappd.freeserve.co.uk>
|
Date: |
Fri, 6 Aug 1999 18:40:01 +0100 |
To: |
<hwg-basics(at)hwg.org> |
References: |
erols |
|
todo: View
Thread,
Original
|
|
> If the server administrator disables virtual directory browsing,
> people with browsers cannot view the contents of a directory that
> doesn't have an
> index.html, default.html or whatever else that server uses as a home >
page. Further security can be gained by not allowing anonymous
> FTP or not allowing FTP at all (which is what we do).
An alternative to this is to create a blank page, call it
index/default/whatever.htm(l) and just stick it in the directory, anyone
visiting will get just that, unless they know the correct url of the pages,
most people will give up rather than type in a range of different names and
trying to get the correct extension.
You can make it more difficult by making the names obscure.
Of course .htaccess and .htpassword can also be set up to bar people access
to a directory without a password.
David Rapp
HTML: hwg-basics mailing list archives,
maintained by Webmasters @ IWA