Web Site Security

Message Share Topic Printable Version Google Delicious Digg StumbleUpon Windows Live Yahoo Bookmarks reddit Facebook MySpace Newsvine Furl Topic Search Topic Options Post Reply Create New Topic

I constantly remind people in this forum of security issues when they want to add something to their website and don't look at the security issues.  In reading http://www.smashingmagazine.com/2010/01/14/web-security-primer-are-you-part-of-the-problem/ this article I was somewhat surprised to find that my server allowed people to type in a folder name and list all the files in it.  So even though I had no link to the file in my site someone could access it by just typing in http://domainname.com/foldername and a list of all my files would come up.  My server allows me to turn this off, which I did immediately.  
By reading this article it also tells you that this allows for attacks on your email if it is provided by thru your domain.

It was very interesting reading and I thought I would share.

Edited by tcertain - 14 Jan 2010 at 8:50pm

Author	Message Share Topic Printable Version Google Delicious Digg StumbleUpon Windows Live Yahoo Bookmarks reddit Facebook MySpace Newsvine Furl Topic Search Topic Options Post Reply Create New Topic
tcertain Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Moderator Group Joined: 04 Apr 2008 Location: United States Online Status: Offline Posts: 1837	Post Options Post Reply Quote tcertain Report Post Quote Reply Topic: Web Site Security Posted: 14 Jan 2010 at 6:21pm
	I constantly remind people in this forum of security issues when they want to add something to their website and don't look at the security issues. In reading http://www.smashingmagazine.com/2010/01/14/web-security-primer-are-you-part-of-the-problem/ this article I was somewhat surprised to find that my server allowed people to type in a folder name and list all the files in it. So even though I had no link to the file in my site someone could access it by just typing in http://domainname.com/foldername and a list of all my files would come up. My server allows me to turn this off, which I did immediately. By reading this article it also tells you that this allows for attacks on your email if it is provided by thru your domain. It was very interesting reading and I thought I would share. Edited by tcertain - 14 Jan 2010 at 8:50pm
	TCertain

Sponsored Links

Bryon Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 08 Feb 2008 Location: United States Online Status: Offline Posts: 191	Post Options Post Reply Quote Bryon Report Post Quote Reply Posted: 21 Mar 2010 at 3:52am
	I learned that along time ago, never put a folder up that doesnt have a base file in it, especially if it contains inportant inof. Base files are extentions of .html. htm. php. .aspx and such, that way any attemp to access the folder will bring up a base file, no file names. It works even if the file is empty like a text file with the extention changed.