Listing the contents of an access-restricted online folder (and how to prevent this)
I restricted access to my Internet folder, e.g.
http://www.my-domain/my_folder/my_sub_folder/
so that access is denied for anybody (403 Forbidden message).
If I provide someone with a direct link to one of the folder's files, it is possible to access it from anywhere on the Internet, e.g.
http://www.my-domain/my_folder/my_sub_folder/a_file.pdf
Is there a possibility that somebody got a list of my files/the folder's contents?
I think that just happened ... how was that possible?
Somebody must have tried all combinations of possible file names! Or is there another way that I overlooked?
Edit:
If the link to the file can be found by Google, then there must be a reference to the file's address somewhere else on the Internet, right? Is there a chance to find that link? (Just out of curiosity, I limited the access to my files in the meantime.)
Comments (1)
There are several low-probability avenues:
Security by obscurity (i.e. nobody knows it's there, so it's safe) is well known to be almost worthless. If you really want security, enable SSL and set up password protection.
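
The setup from the question next to the password protection the answer recommends, as an added example that is not part of the original thread. The WSGI app, the `require_basic_auth` middleware, the user name and the password are hypothetical, and the file content is constructed; the apps are called in-process, so nothing touches the network.

```python
import base64, hmac
from wsgiref.util import setup_testing_defaults

# Constructed sample content standing in for the folder from the question.
FILES = {"/my_folder/my_sub_folder/a_file.pdf": b"%PDF-1.4 constructed sample"}

def folder_app(environ, start_response):
    """Setup from the question: no directory listing, files served by direct URL."""
    path = environ["PATH_INFO"]
    if path.endswith("/"):                      # index request: listing is denied
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden"]
    if path in FILES:                           # direct link: no check at all
        start_response("200 OK", [("Content-Type", "application/pdf")])
        return [FILES[path]]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"Not Found"]

def require_basic_auth(app, user, password, realm="restricted"):
    """Hypothetical middleware: every request must carry valid credentials."""
    expected = base64.b64encode(f"{user}:{password}".encode())
    def guarded(environ, start_response):
        scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        # compare_digest avoids leaking the match position through timing
        if scheme.lower() == "basic" and hmac.compare_digest(token.strip().encode(), expected):
            return app(environ, start_response)
        start_response("401 Unauthorized",
                       [("WWW-Authenticate", f'Basic realm="{realm}"'),
                        ("Content-Type", "text/plain")])
        return [b"Unauthorized"]
    return guarded

def status_of(app, path, credentials=None):
    """Call a WSGI app in-process (no network) and return the numeric status."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if credentials:
        token = base64.b64encode(":".join(credentials).encode()).decode()
        environ["HTTP_AUTHORIZATION"] = "Basic " + token
    seen = []
    app(environ, lambda status, headers, exc_info=None: seen.append(status))
    return int(seen[0].split()[0])

if __name__ == "__main__":
    protected = require_basic_auth(folder_app, "alice", "constructed-password")
    for app in (folder_app, protected):
        print([status_of(app, p) for p in ("/my_folder/my_sub_folder/", *FILES)])
```

Basic credentials are only base64-encoded in the `Authorization` header, which is why the answer pairs password protection with SSL.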