Is it dangerous to keep Thumbs.db on a web server?
Windows Thumbs.db system files that are in most folders were uploaded with all other files from the localhost to the server.
Is it dangerous if you forget to delete them on the server?
I am on shared hosting running *nix and an Apache server.
More posts by @Murray155
4 Comments
I do not agree with the other answers. In some cases this is a low security risk, but it could have a huge impact. It is similar to allowing directory browsing.
The attacker gets a list of file names, which could be really bad if you think about a page like Facebook, where images are pseudo-hidden by their names.
If there would be a Thumbs.db in this folder you would get profile images and Facebook IDs of a few hundred users: fbcdn-profile-a.akamaihd.net/hprofile-ak-ash3/c170.50.621.621/s160x160/.
If there would be a Thumbs.db in every folder you could easily access all images and Facebook IDs of every single user. Using the ID you can query real names for every image, too. That would be huge!
Also keep in mind that Thumbs.db files are not updated by the server. So it is possible to get data of deleted images, too.
I would advise deleting all Thumbs.db files from the web server. They do not belong there, they do not have any use, but they could be a risk.
I still think this file can be a threat in some cases.
E.g., it is a security hole when you don't want everyone to know the full image list you have in a specific directory: the Thumbs.db compromises this information. It stores information about the file names and modification times, and thumbnail images can be fetched from it as well.
There is no direct threat from having Thumbs.db uploaded; even if people were able to download them, they wouldn't get any information worth having.
It does maybe highlight an issue with your upload process, though. This is one of the reasons why FTP is an inefficient way to upload files: extra files that you may not have intended to upload will go up.
Thumbs.db just contains thumbnail information for images. That way when you are browsing with file explorer you can quickly see them. It is not dangerous. It can safely be deleted or ignored.
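For the cleanup the answers above recommend, here is an added example (not code from any poster in this thread) that finds Thumbs.db files under a web root and removes only those that really are thumbnail caches. The function names and the docroot path in the usage comment are hypothetical, and it assumes a POSIX shell with a `find` that supports `-iname`.

```shell
# Added example (not from the thread): sweep a web root for Thumbs.db files.
# Assumes POSIX sh plus find with -iname (GNU and BSD find both have it).
# Function names and the docroot path in the usage lines are hypothetical.

TAB=$(printf '\t')

# Print "<kind>TAB<path>" for every file named thumbs.db (any case) under $1.
# kind is "ole" when the file starts with the OLE2 compound-file signature
# (d0 cf 11 e0 a1 b1 1a e1) that Windows thumbnail caches carry, else "other".
scan_thumbs() {
    find "$1" -type f -iname 'thumbs.db' -exec sh -c '
        for f do
            magic=$(od -An -tx1 -N8 < "$f" | tr -d " \n")
            if [ "$magic" = "d0cf11e0a1b11ae1" ]; then kind=ole; else kind=other; fi
            printf "%s\t%s\n" "$kind" "$f"
        done' sh {} +
}

# Delete only the files verified as thumbnail caches; anything that merely
# shares the name (for example an application database) is reported on
# stderr and left for manual review. Prints the number of files removed.
# Limitation: paths containing newlines are not handled.
purge_thumbs() {
    scan_thumbs "$1" | {
        removed=0
        while IFS="$TAB" read -r kind path; do
            if [ "$kind" = ole ]; then
                rm -f -- "$path" && removed=$((removed + 1))
            else
                echo "not an OLE file, left in place: $path" >&2
            fi
        done
        echo "$removed"
    }
}

# Usage: scan_thumbs /path/to/docroot    (dry run, lists what was found)
#        purge_thumbs /path/to/docroot   (removes the verified ones)
```

Running `scan_thumbs` first gives a dry-run listing, so the deletion can be reviewed before `purge_thumbs` is used.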