So I'll say right up front, obviously I know this is not actually secure, don't beat me up over that. I'm just interested in the question from a lazyness standpoint.
I have a website that has some information that I'd like to "hide" from the general public. Nothing important or vulnerable; I just don't really want people to find it and mess with it. I've already got a robots.txt file disallowing all crawling. There are no links on the page (or will be no links from other sites to this one).
example.com takes you to a "You are not allowed access" page, while example.com?real=fun actually gets you the content. PHP will not actually run the page unless the query key/value pair is correct. So is it reasonable for me to assume that no one will find this page by accident, and on the offchance they do, that they won't be able to get into the content?
Yes, I'm lazy, but I'd still like to know.
• edit • I'm not looking for "how to do this". I've already done it. The correct answer would address if there are other basic ways for a person to get into the page which uses this technique.
Yes, it's reasonable to assume they won't be able to get into the contents because Apache will see an index.php request and simply deal out the resource. There is no way they can simply just guess what you've hardcoded in the backend server unless it's like some shared web hosting and other users on the server can see the contents of your directory.
Add this at the top of the index.php file for the root of www.example.com
if (empty($_GET))
exit("nothing to see here");
elseif ($_GET['real'] != 'fun')
exit("nothing to see here");
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With