bilis_money Posted March 16, 2007 Share Posted March 16, 2007 what is the dis advantage of this open directory listing of contents. someone told me to put .htacess or index.htm Is this a hole for hacking a website? Are the hackers can exploit this? Any comments please and good advice. thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/42927-open-directory-list-wha-is-the-disadvantage/ Share on other sites More sharing options...
Daniel0 Posted March 16, 2007 Share Posted March 16, 2007 Well, there is the disadvantage that people will know the locations of your folders and files. I don't think it is a major security issue though, unless of course there is some sensitive information there that can directly be viewed, but if there is, then you should either protect the file or place it outside of document root. If you just want to be sure, then place an index.html file or a .htaccess file that disables directory listing. Quote Link to comment https://forums.phpfreaks.com/topic/42927-open-directory-list-wha-is-the-disadvantage/#findComment-208637 Share on other sites More sharing options...
zq29 Posted March 16, 2007 Share Posted March 16, 2007 I believe it also displays your Apache and PHP version, and if you are using an out dated, and exploitable version, this could be an issue. Quote Link to comment https://forums.phpfreaks.com/topic/42927-open-directory-list-wha-is-the-disadvantage/#findComment-208709 Share on other sites More sharing options...
Daniel0 Posted March 16, 2007 Share Posted March 16, 2007 I believe it also displays your Apache and PHP version, and if you are using an out dated, and exploitable version, this could be an issue. I think a 403 error would do so as well, so if that is an issue, then an index file would be the only solution. Quote Link to comment https://forums.phpfreaks.com/topic/42927-open-directory-list-wha-is-the-disadvantage/#findComment-208738 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.