[CLUE-Tech] How safe is it?

David Anselmi anselmi at americanisp.net
Sun Nov 3 19:49:46 MST 2002


Roger Frank wrote:
> I want to have some content in my /var/www/html directory that
> has restricted access.  How safe are these scenarios:
> 
> 1.  I put it there in a subdirectory with no link and an unlikely
>     name, such as /var/www/html/t87mz3q/secret_stuff.
>     (I question, for example, if httrack can be set to mirror
>     everything, or if one can somehow get to the /var/www/html
>     directory and do the equivalent of an `ls` command.)
> 
> 2.  I put it on a link, such as "Solutions to Student Labs", that
>     is password protected, probably using a PHP intermediate page.
>     (Here, I'm wondering what can be done with viewing the page
>     source and following it.  Are PHP or PERL or any password
>     page/link protection schemes solid?)
> 
> 3.  Other scenarios that work, other than "Don't put the data there

Without a more rigorous definition of "safe", I'll say that 1 and 2 are 
equally safe, as are the suggestions from Matt, Jed, and Randy.

Practically speaking, pick one.  Which is easier to manage over time, 
hidden directories or passwords?  Apache's basic authentication may be 
easier to use than php/perl/etc password pages.

If you want an additional layer of complexity (which may or may not add 
safety), do user authentication with SSL.

Do you want a more detailed discussion?  Tell us what you mean by 
safe--secret, correct, or available.

Dave
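
Added example, not part of the original message: the Apache basic authentication option mentioned above, combined with SSL, and with directory listings disabled to address the `ls` question in scenario 1. It uses Apache 2.4 syntax with mod_ssl loaded; the directory name labs-solutions, the realm text, and the password-file path are assumptions.

```apache
# Added example. Directory name, realm and password-file path are assumptions.

# Scenario 1's "equivalent of ls" concern: with Indexes enabled, a request for
# a directory that has no index file returns a generated listing, which would
# show an unlinked subdirectory such as t87mz3q. Turn listings off.
<Directory "/var/www/html">
    Options -Indexes
</Directory>

# Scenario 2 handled by the server instead of a PHP/Perl intermediate page.
<Directory "/var/www/html/labs-solutions">
    Options -Indexes
    AuthType Basic
    AuthName "Solutions to Student Labs"
    AuthBasicProvider file
    # Keep the password file outside the document root so it cannot be fetched.
    # Created with: htpasswd -c /etc/apache2/htpasswd-labs <username>
    AuthUserFile "/etc/apache2/htpasswd-labs"
    Require valid-user
    # Basic auth sends the password base64-encoded, not encrypted; refuse
    # non-SSL requests so it only travels over HTTPS.
    SSLRequireSSL
</Directory>
```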



