xfusion Posted September 12, 2007 Share Posted September 12, 2007 Hey, I am creating a website, but there are two vulnerabilities that I can not seem to patch. I have a directory (/data/uploaded), this directory contains uploaded files which currently can be accessed (if someone figures out the directory) through the URL bar but I don't want them to be. The only way that these files should be accessed is by a .swf file. The second issue is: I have a .php file, this script is accessed by a .swf file, I don't want it to be accessed by anything other than the .swf file as it contains some sensitive information. What ways can I solve these issues? I've seen similar questions posted when I searched the forums, but I've never seen an answer that has solved the problem. I hope I have better lock . Quote Link to comment Share on other sites More sharing options...
xyn Posted September 12, 2007 Share Posted September 12, 2007 If using Apache; .htaccess Options All -Indexes Quote Link to comment Share on other sites More sharing options...
sayedsohail Posted September 12, 2007 Share Posted September 12, 2007 sorry i have the same problem, can you please explain what Options All -Indexes will do? please. Quote Link to comment Share on other sites More sharing options...
xyn Posted September 12, 2007 Share Posted September 12, 2007 stops autoIndexes being made by apacher instead where a directory has no index it will hide files and folders etc. with 403. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.