Unrelated web pages on a server - a security hole?

Question

Unrelated web pages on a server - a security hole?

On my website, I have several html files that I don’t link to the main page of the portal. Without other people associated with them, is it possible for Jimmy the Evil Hacker to find them?

+4

html security

Paul nathan Oct 22 '08 at 5:15

source share

5 answers

Hidden pages are REALLY hard to find.

First, be absolutely sure that your web server never returns index pages by default. In settings and .htaccess use the following. Probably something similar for IIS.

 Options -Indexes

Secondly, make sure that the file name is not a dictionary word - the probability of guessing that words of a non-dictionary type fall on astronomically small. Without zero, there is a theoretical possibility that someone, somewhere, can patiently guess at every possible file name until it finds yours. [I hate these theoretical attacks. Yes, they exist. No, they will never happen in your life, unless you gave someone a reason to look for your hidden content.]

+3

S. Lott Oct 22 '08 at 9:51

source share

You talk about security through the unknown (google it), and you should never rely on it.

+2

flukus Oct 22 '08 at 5:17

source share

Yes it is.

+1

Nick stinemates Oct 22 '08 at 5:17

source share

It is unlikely that they will be found, but still possible.

The term "security through obscurity" comes to mind.

+1

C. Broadbent Oct 22 '08 at 5:18

source share

Darryl hein · Accepted Answer · 2008-10-22T05:18:20+0000

If someone accesses the pages with advanced options enabled on the Google toolbar, the address will be sent to Google. This is the only reason I can understand why I have some pages on Google.

So the answer is yes. Make sure you have a robots.txt file or even .htaccess or something like that.

Unrelated web pages on a server - a security hole?

More articles: