How transparent is a randomly named directory or file?
Possible Duplicate:
Are files in a hidden directory safe?
Let's pretend that I have a website and want to keep personal notes on it.
If I make a directory like mysite.com/84eW93e7 or mysite.com/34aWe897.txt
where the letters and numbers are random so randomly guessing the file or directory name is impractical.
How secure is this directory? Could someone still discover the existence of the file or directory assuming directory listing is off? If so, how would they find out?
Of course this isn't something I would do, I'm just curious.
2 Comments
I would say it's quite secure if it's a secret and you can make it a random name. What Su is talking about is maybe good for the business but it's like the difference between tactic and strategy. As long as you can keep it a secret then nobody knows. I could also brute-force a .htaccess authentication. Just stop asking everybody.
What you're describing has a name: security through obscurity. There are arguments for and against it as a concept, but for formal/professional purposes, it "has never achieved engineering acceptance as an approach to securing a system."
Even if you disallow directory listing, if the name is guessed somehow there will still be an indication that there is a directory by that name, as opposed to an actual 404. Try it. This could fail against something as simple as a brute-force attack (aaaa, aaab, aaac, etc). So now someone's figured out the directory, and can start trying filenames with the same method. Where you say "impractical" it's really "matter of time," where the amount of time required depends on the length of your randomized naming. It would be much easier (and safer) to actually implement even simple, but actual, security measures, like htaccess authentication.
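Added example, not part of either answer above: a small log check a site owner could run to see whether name guessing like the one described is happening, and which guessed names got a response other than a plain 404. The log lines are constructed, and the 301/403 pair for an existing directory with listing off is an assumption about the server's behaviour; the function name and thresholds are hypothetical.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Common Log Format). Addresses are documentation
# ranges; /84eW93e7 is the example name from the question. Assumed behaviour:
# an existing directory with listing off answers 301 (add slash), then 403.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /aaaa HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /aaab HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /aaac HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /aaad HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /aaae HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /aaaf HTTP/1.1" 404 196
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /84eW93e7 HTTP/1.1" 301 240
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /84eW93e7/ HTTP/1.1" 403 199
198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:10:00:06 +0000] "GET /about HTTP/1.1" 200 2048
198.51.100.20 - - [10/Mar/2024:10:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 196
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})\b')


def find_enumeration(log_text, min_404=5, min_ratio=0.7):
    """Flag clients whose requests are mostly 404s for distinct paths.

    Returns {client: {"misses": n, "hits": [(path, status), ...]}}, where
    "hits" are that client's responses that were not a plain 404.
    """
    stats = defaultdict(lambda: {"total": 0, "missed": set(), "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD request, or the line does not parse
        client, path, status = m.group(1), m.group(2), int(m.group(3))
        entry = stats[client]
        entry["total"] += 1
        if status == 404:
            entry["missed"].add(path)
        else:
            entry["hits"].append((path, status))
    flagged = {}
    for client, entry in stats.items():
        misses = len(entry["missed"])
        # Many distinct misses that dominate the client's traffic suggest guessing.
        if misses >= min_404 and misses / entry["total"] >= min_ratio:
            flagged[client] = {"misses": misses, "hits": entry["hits"]}
    return flagged
```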