View previous topic :: View next topic |
Author |
Message |
jtc970 -
Joined: 24 Mar 2003 Posts: 172
|
Posted: Tue Aug 19, 2003 7:02 pm Post subject: cgi-bin files can be viewed with direct url |
|
|
I need to hide my dat files from being viewed on a browser
they are in cgi-bin\blahblah\file.dat
someone got my password and changed it
how can I stop them from seeing these files? |
|
Back to top |
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Wed Aug 20, 2003 12:19 pm Post subject: Re: cgi-bin files can be viewed with direct url |
|
|
jtc970 wrote: | I need to hide my dat files from being viewed on a browser
they are in cgi-bin\blahblah\file.dat
someone got my password and changed it
how can I stop them from seeing these files? |
The best thing is to put these files in a directory not reachable by web users and to change the paths in your script to point to the new file location. _________________ Support Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
pellinor -
Joined: 02 Oct 2003 Posts: 7
|
Posted: Thu Oct 02, 2003 10:08 pm Post subject: Related question: how do I hide files I *CAN'T* move |
|
|
Let's say I'm developing a web app or I have some code from a third party.
It's based on PHP, and the convention is that files meant to be seen have
extensions of .php, .php3, or .php4. Code snippets or code libraries have
different extensions to differentiate them, like .inc or .pclass, or whatever.
Is there a way that I can block access to these private files, should
someone else have learned the names of the files I have by looking at
that 3rd party package or by random URL guessing? As it is now, if they
know the name, they can get the server to spit the text of the code for
their perusal.
Would a good approach be to have a CGI interpreter associated with those
file extensions that would simply spit out a blank page, a 401/403 error or
even a 404 to hide those files' existence?
If so, what would be a good way to get my hands on such an interpreter.
Does something like this already exist?
M |
|
Back to top |
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Sat Oct 04, 2003 1:22 pm Post subject: Re: Related question: how do I hide files I *CAN'T* move |
|
|
The best thing to do to "hide" the files with extensions inc, pclass, etc... is to associate these extensions with a non CGI interpreter, for example, associate them with notepad.exe .
Since notepad.exe is not a CGI interpreter, the server will always report error 500 when someone tries to access these files from the web site directly. _________________ Support Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
|