Re: blocking directory access
From: Jack Brewster (jbrewsterPLEASENO@SPAMnthurston.k12.wa.us)
Date: 05/24/02
- Next message: Jack Brewster: "Re: IIS not serving asp pages"
- Previous message: Ilan Sredni: "IIS not serving asp pages"
- In reply to: john king: "blocking directory access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jack Brewster" <jbrewsterPLEASENO@SPAMnthurston.k12.wa.us> Date: Fri, 24 May 2002 08:43:32 -0700
If the directory is within your web, and not protected via NTFS permissions,
then if someone were to guess a directory name and enter it, then it would
be available. Just because the content isn't linked doesn't mean it
inaccessible, just difficult to find. If you use logical directory names it
might be easy to guess what others are.
This method is common when devloping new content on a single server. You
put your pages out on an 'island' and let your testers and reviewers know
the address, but no one else. It functions as a normal part of your site.
Jack
"john king" <arocheking@yahoo.com> wrote in message
news:716801c2028a$bd369ad0$9ae62ecf@tkmsftngxa02...
> Someone browsed a directory that isn't linked to any of
> our publick pages (nothing critical or private, just not
> linked to the public pages).
>
> 1. would this have required some kind of site grabbing
> utility to act like a search engine and spider the
> directory?
>
> 2. what are my options for blocking this? (I can think of
> a couple possibilities but I'd like to get better ideas)...
- Next message: Jack Brewster: "Re: IIS not serving asp pages"
- Previous message: Ilan Sredni: "IIS not serving asp pages"
- In reply to: john king: "blocking directory access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
