: You certainly could access the files in a web browser or other HTTP client, either by brute-force attack on filenames, or, more likely, because the URL of one of the pages has leaked out.
You certainly could access the files in a web browser or other HTTP client, either by brute-force attack on filenames, or, more likely, because the URL of one of the pages has leaked out. This typically happens if a link or image on one of the pages leads to another server, passing a referrer URL. All it takes is one server (or proxy) log to make the URL public and it will be easily discoverable by Google.
URL obscurity is not a good way to protect sensitive information. If the pages are meant to be viewed only by authorised users, deploy an authentication scheme such as HTTP Basic Authentication (eg via .htaccess); if they are not meant to be viewable through the web at all, keep them in a directory outside of the web root.
More posts by @Vandalay111
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.