Are 'hidden' web pages secure?

Networking/Security Forums -> General Security Discussion

Author: Mr_PersistentLocation: East Coast PostPosted: Wed Oct 27, 2010 9:15 pm    Post subject: Are 'hidden' web pages secure?
I have a page on a web site, in its own subdirectory--IOW, at website/subdirectory/hiddenpage, with no listing of the page in website/subdirectory/index, and no external references anywhere to the page. No password is needed to get to this page.

How secure is this page? Of course, a person who FTP'd to the subdirectory could get a listing of pages, then learn the name, and go to the page. But for that, the person would have to have the password for FTP.

And of course, someone who was able to get access to the records or disks of the host could learn the name of the page.

But aside from these (out of the ordinary) situations, how difficult would it be for someone to find or go to the page, if the person did not know the specific name of the page?

Author: Erfiug PostPosted: Wed Oct 27, 2010 9:52 pm    Post subject:
it depends on the complexity of the name, if the directory has a "unguessable" name, and is not indexed by any spider, then you are safe.

Networking/Security Forums -> General Security Discussion

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group