http://www.lampdocs.com/blog/2008/06/16/how-to-deny-directory-listing-using-htaccess/ Linux, Apache, MySQL, PHP: Docs, Tricks and Secrets Tue, 06 Jan 2009 23:26:34 +0000 http://wordpress.org/?v=2.7 hourly 1 http://www.lampdocs.com/blog/2008/06/16/how-to-deny-directory-listing-using-htaccess/comment-page-1/#comment-13685 admin Mon, 01 Dec 2008 04:32:26 +0000 http://www.lampdocs.com/blog/?p=84#comment-13685 Agree with you ... and don't agree. :) For example, check here: http://www.tech-evangelist.com/2008/02/13/protect-directory/ - there are some reasons why doing so is insecure. If you don't have enough experience in PHP programming or site management, it is better not to leave directory listings. Directory listing itself doesn't represent a security issue, but only when you're completely sure everything is OK with the files listed. Agree with you … and don’t agree. For example, check here: http://www.tech-evangelist.com/2008/02/13/protect-directory/ - there are some reasons why doing so is insecure. If you don’t have enough experience in PHP programming or site management, it is better not to leave directory listings. Directory listing itself doesn’t represent a security issue, but only when you’re completely sure everything is OK with the files listed.

]]> http://www.lampdocs.com/blog/2008/06/16/how-to-deny-directory-listing-using-htaccess/comment-page-1/#comment-13682 Yes Mon, 01 Dec 2008 03:59:07 +0000 http://www.lampdocs.com/blog/?p=84#comment-13682 This is hardly a security issue (unless your site is designed in an insecure way). While it's not helping security to list the files in a web directory, you shouldn't have to worry about it unless you have a flawed method of security. Seriously, this is not a security hole by any means and is definitely not an emergency. It's more of a preference if you want files to be listed or not. I repeat, this is only a security concern if you have lose, web accessible files, that happen to have sensitive information in them that can be viewed by any requester's web browser -- and that would be an awful site design on the user's part, if so. This is hardly a security issue (unless your site is designed in an insecure way). While it’s not helping security to list the files in a web directory, you shouldn’t have to worry about it unless you have a flawed method of security. Seriously, this is not a security hole by any means and is definitely not an emergency. It’s more of a preference if you want files to be listed or not. I repeat, this is only a security concern if you have lose, web accessible files, that happen to have sensitive information in them that can be viewed by any requester’s web browser — and that would be an awful site design on the user’s part, if so.

]]>