[thelist] Hide entire directory from search engines?
Stephen Rider
evolt_org at striderweb.com
Sun Mar 30 10:50:11 CDT 2008
On Mar 29, 2008, at 11:20 AM, Hassan Schroeder wrote:
> On Sat, Mar 29, 2008 at 7:32 AM, Stephen Rider <evolt_org at striderweb.com
> > wrote:
>> If nothing links to them, the bots shouldn't find them anyway.
>
> In theory that's true, but it only takes one inadvertent exposure --
> via
> archived email that gets spidered, or whatever -- to blow that
> cover. :-)
Very true. "Security through obscurity" is lightweight.
> It's not something I'd count on for sensitive material, and too
> often an
> 'include' will contain things like DB passwords that you *really*
> don't
> want public.
However, if the includes are in PHP and properly coded, a hacker
should only see the _results_ of the code and not the code itself, am
I correct?
Damn, I knew I shouldn't have put the password in the filename! ;)
> Outside the web root or password-protected (or in Java, in WEB-INF)
> is much safer.
True. If you already have a gazillion pages pointing to a particular
include, you could move the actual includes to a folder above the web
root, and then put up like-named PHP files that require() the actual
includes.
Hopefully there aren't hundreds of includes in that case. Depends on
how secure is secure for you. :)
Stephen
More information about the thelist
mailing list