: Actually, if the web server and/or permissions aren't set up right, they can access the files with a web browser. Anyone who knows (or guesses) the names of files within the directory can
Actually, if the web server and/or permissions aren't set up right, they can access the files with a web browser. Anyone who knows (or guesses) the names of files within the directory can get them just fine. index.html only hides the directory listing, and the same thing can be done by disabling directory indexes for that directory.
In a .htaccess file, you can do it like
Options -Indexes
If you don't want random strangers to access the directory or the files in it, you can tell the web server to require authentication for that directory.
AuthType basic
AuthName Private
AuthUserFile /path/to/htpasswd
Require valid-user
and set up an 'htpasswd' file that contains the names and passwords of users you want to allow.
For IIS, it's a little easier if you have admin access to the server (and particularly if FrontPage Server Extensions are installed). Just set the permissions on the directory.
More posts by @Welton855
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.