 

Using random folder name on web server to restrict access to it - bad idea?

Let's say I have an "admin" folder in my public_html and I don't want anyone except me to be able to access it. What if, instead of password protecting it (using Apache .htaccess), I just rename it to "admin-7815696ecbf1c96e6894b779456d330e" and leave it open (with folder indexes disabled, of course)?

People usually freak out at such a "solution" as it seems extremely vulnerable. But is it really any worse than password protecting? I can't think of any major security risks compared to password protecting. Would anyone ever be able to find out the name of this folder?

serg asked Jul 31 '09 18:07


2 Answers

For a personal site, it's probably OK - but only you know the value of what you are protecting. One thing to be wary of is if you have webpages in that directory that link to external sources - by clicking a link to one of those external URLs you will (probably) pass on your "secret" URL in the HTTP Referrer header. Also, it only takes one link back to your "secret" URL and robots and spiders could be all over it and then you'll find it in Google. So, be very careful!

Dan Diplo answered Oct 07 '22 07:10
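An added example, not part of the answer above: a small audit of the site's own access log that shows whether the "secret" folder name from the question has already been requested by anyone other than the owner, for instance a crawler that followed a link back to it. It assumes Apache's "combined" log format; the function name, the owner IP and the sample log lines are constructed for illustration.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
CRAWLER_RE = re.compile(r'bot|crawl|spider|slurp', re.IGNORECASE)

SECRET_PREFIX = '/admin-7815696ecbf1c96e6894b779456d330e/'  # folder name from the question
OWNER_IPS = {'192.0.2.10'}  # assumption: the owner's known address

# Constructed sample log lines (documentation IP ranges, made-up hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Jul/2009:18:07:01 +0000] "GET ' + SECRET_PREFIX
    + ' HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Jul/2009:18:09:12 +0000] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0"',
    '203.0.113.66 - - [02/Aug/2009:03:14:15 +0000] "GET ' + SECRET_PREFIX
    + ' HTTP/1.1" 200 512 "http://forum.example/thread/42" '
    '"Mozilla/5.0 (compatible; ExampleBot/1.0)"',
    '198.51.100.23 - - [02/Aug/2009:09:30:00 +0000] "GET ' + SECRET_PREFIX
    + 'users.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def audit_secret_dir(lines, secret_prefix, owner_ips):
    """Return one finding per request under secret_prefix not made by the owner."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m['path'].startswith(secret_prefix):
            continue  # unparsable line or unrelated path
        if m['ip'] in owner_ips:
            continue  # the owner's own visits are expected
        reason = 'crawler' if CRAWLER_RE.search(m['agent']) else 'unknown-client'
        findings.append({'ip': m['ip'], 'time': m['time'], 'path': m['path'],
                         'status': int(m['status']), 'referer': m['referer'],
                         'reason': reason})
    return findings

if __name__ == '__main__':
    for f in audit_secret_dir(SAMPLE_LOG, SECRET_PREFIX, OWNER_IPS):
        print(f"{f['time']}  {f['ip']}  {f['reason']}  referer={f['referer']}")
```

Any finding means the folder name is no longer secret; a non-empty referer on such a line points at the page that links to it.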


Bad idea - It's basically security by obscurity.

This is the sort of thing you'd use to protect a phpbb /install/ folder during an install, but not as a permanent solution.

Dale Reidy answered Oct 07 '22 06:10