douzha6055 2013-09-21 00:43
浏览 30

有人可以从服务器外部知道目录中的文件吗?

I have web application that will store some files inside a directory called items, and each item will have it's own directory.

The question is if the directory has an index.html page can anyone knows what the names of files might be ?

more explanation 

 http://www.mysite.com/items/item-734783HH/

inside item-734783HH there will be 2 files

 -index.html
 -secureFile.zip

The secureFile name will be hashed. Is there anyway to steal this file from the web ? that's my real concern

Also, I am using PHP for copying this file and give it to the user when the purchase is complete.

  • 写回答

1条回答 默认 最新

  • ds2321 2013-09-21 00:51
    关注

    short answer, but only "usually" true: no.

    long version for the short version: if you have an index.html then going to http://www.mysite.com/items/item-734783HH/ will serve up http://www.mysite.com/items/item-734783HH/index.html instead. Users will not see a directory listing, so they either have to know those files already exist, or guess them.

    actually true answer: only you can tell us. It depends on the server you're using in combination with PHP, and what you've told it to autoresolve to when someone hits a route that does not indicate a file but a directory. It also depends on whether you blacklist/whitelist files based on file patterns, like a "DENY FROM ALL" for files that start with ".", etc.

    It's probably time to learn more about how your server works. The internet has a lot of good information on that.

    评论

报告相同问题?

悬赏问题

  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥100 支付宝网页转账系统不识别账号