 
09-11-2012, 10:25 AM
lina

web hosting server files

Hi,

I put some files on the hosting server, those files can be viewed via
the explicit url,

such as web.xxx.com/~lina/some_file.html

There is no link to them from the homepage.

I wonder whether someone else, without knowing the explicit name, can
get them or not?

I tried wget -c web.xxx.com/~lina/* and it did not work.

Is it safe?


Thanks with best regards,

P.S I don't have someone to ask, so just ask here. Thanks again for your
time.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/504F118A.6060503@gmail.com
 
09-11-2012, 10:35 AM
Darac Marjal

web hosting server files

On Tue, Sep 11, 2012 at 06:25:14PM +0800, lina wrote:
> Hi,
>
> I put some files on the hosting server, those files can be viewed via
> the explicit url,
>
> such as web.xxx.com/~lina/some_file.html
>
> There are no any link built from homepage.
>
> I wonder if someone else, without knowing the explicit name, whether can
> they get or not?
>
> I tried wget -c web.xxx.com/~lina/* not work.

Try just http://web.xxx.com/~lina/

Some web servers, when told to serve a directory, will provide a listing
of the files in the directory; some will check for index.html first. I'd
suggest talking to the webmaster for web.xxx.com and seeing how the web
server is configured. If the link I provided above gives you a listing,
then look at either turning that feature off or countering it with an
index.html page. Once that's done then, no, it should be difficult to
find the page without knowing the direct link.

However, don't mistake this for security. All it could take is for
someone to bookmark the page and suddenly the page is "known".


By the way, I shan't make any judgements on your hosting provider
looking like a porn site
 
09-11-2012, 11:42 AM
lina

web hosting server files

On Tuesday 11,September,2012 06:35 PM, Darac Marjal wrote:
> On Tue, Sep 11, 2012 at 06:25:14PM +0800, lina wrote:
>> Hi,
>>
>> I put some files on the hosting server, those files can be viewed via
>> the explicit url,
>>
>> such as web.xxx.com/~lina/some_file.html
>>
>> There are no any link built from homepage.
>>
>> I wonder if someone else, without knowing the explicit name, whether can
>> they get or not?
>>
>> I tried wget -c web.xxx.com/~lina/* not work.
>
> Try just http://web.xxx.com/~lina/


Forbidden

You don't have permission to access /~lina/ on this server.
Apache/2.2.3 (CentOS) Server at www.xxx.edu Port 80
>
> Some web servers, when told to serve a directory, will provide a listing
> of the files in the directory; some will check for index.html first. I'd
> suggest talking to the webmaster for web.xxx.com and seeing how the web
> server is configured. If the link I provided above gives you a listing,
> then look at either turning that feature off or countering it with an
> index.html page. Once that's done then, no, it should be difficult to
> find the page without knowing the direct link.
>
> However, don't mistake this for security. All it could take is for
> someone to bookmark the page and suddenly the page is "known".
>
>
> By the way, I shan't make any judgements on your hosting provider
> looking like a porn site

I give my word, it's a very decent website. Just let me keep some
privacy. The xxx is something I used to substitute something else.
>

Thanks with best regards,


Archive: http://lists.debian.org/504F23BA.1040905@gmail.com
 
09-11-2012, 02:17 PM
Darac Marjal

web hosting server files

On Tue, Sep 11, 2012 at 07:42:50PM +0800, lina wrote:
> On Tuesday 11,September,2012 06:35 PM, Darac Marjal wrote:
> > On Tue, Sep 11, 2012 at 06:25:14PM +0800, lina wrote:
> >> Hi,
> >>
> >> I put some files on the hosting server, those files can be viewed via
> >> the explicit url,
> >>
> >> such as web.xxx.com/~lina/some_file.html
> >>
> >> There are no any link built from homepage.
> >>
> >> I wonder if someone else, without knowing the explicit name, whether can
> >> they get or not?
> >>
> >> I tried wget -c web.xxx.com/~lina/* not work.
> >
> > Try just http://web.xxx.com/~lina/
>
>
> Forbidden
>
> You don't have permission to access /~lina/ on this server.
> Apache/2.2.3 (CentOS) Server at www.xxx.edu Port 80

That's good news.

> >
> >
> > By the way, I shan't make any judgements on your hosting provider
> > looking like a porn site
>
> I gave my words, it's a very decent website. Just let me keep some
> privacy. The xxx is something I used to substitute something else.
> >

Ah, I see. In future, I'd recommend sticking with the preferred
"documentation" host example.com. That's explicitly defined as a host to
be used for demonstration/documentation purposes (as are example.net,
example.org and so on). If you visit http://example.com, you'll see a
nice message stating that the host is for example purposes. If you visit
http://www.xxx.com... I suspect the message might not be so polite

My point is, it's fine to not use your real website, but if you use
"xxx.com" it's not immediately obvious that that's a substitution. If
you use "example.com", it's rather more clear what's going on.


Archive: http://lists.debian.org/20120911141755.GC17799@darac.org.uk
 
09-11-2012, 03:09 PM
Camaleón

web hosting server files

On Tue, 11 Sep 2012 18:25:14 +0800, lina wrote:

> I put some files on the hosting server, those files can be viewed via
> the explicit url,
>
> such as web.xxx.com/~lina/some_file.html
>
> There are no any link built from homepage.
>
> I wonder if someone else, without knowing the explicit name, whether can
> they get or not?
>
> I tried wget -c web.xxx.com/~lina/* not work.
>
> is it safe?

No, it is not safe but security through obscurity, so it's a matter of time
before someone can access the resource. I would password protect the
file/folder.

Greetings,

--
Camaleón


Archive: http://lists.debian.org/k2nk7q$3ru$9@ger.gmane.org
 
09-11-2012, 03:27 PM
lina

web hosting server files

On Tuesday 11,September,2012 11:09 PM, Camaleón wrote:
> On Tue, 11 Sep 2012 18:25:14 +0800, lina wrote:
>
>> I put some files on the hosting server, those files can be viewed via
>> the explicit url,
>>
>> such as web.xxx.com/~lina/some_file.html
>>
>> There are no any link built from homepage.
>>
>> I wonder if someone else, without knowing the explicit name, whether can
>> they get or not?
>>
>> I tried wget -c web.xxx.com/~lina/* not work.
>>
>> is it safe?
>
> No, is not safe but security through obscurity so it's a matter of time
> that someone can access to the resource. I would password protect the
> file/folder.

$ ls -lrt
total 4
drwxr-xr-x 3 lina users 4096 Sep 11 19:59 public_html

All things are suggested to put it into the folder of the
/home/lina/public_html

I am not clear how to password protect my file/folder.

BTW, which tricks can people use to get the other files under
/home/lina/public_html ?


Thanks again,

Best regards,

>
> Greetings,
>


Archive: http://lists.debian.org/504F584C.7040307@gmail.com
 
09-11-2012, 03:37 PM
Denis Witt

web hosting server files

On Tue, 11 Sep 2012 23:27:08 +0800
lina <lina.lastname@gmail.com> wrote:

> I am not clear how to password protect my file/folder.

Hi Lina,

assuming the server is running Apache follow this howto:
http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/

The Apache config has to allow AuthConfig (AllowOverride AuthConfig)
for the directory you want to protect, but it's very unusual to
disallow this.

Best regards
Denis Witt


Archive: http://lists.debian.org/20120911173704.1e2d64be@X200
 
09-11-2012, 04:37 PM
lee

web hosting server files

lina <lina.lastname@gmail.com> writes:

> All things are suggested to put it into the folder of the
> /home/lina/public_html
>
> I am not clear how to password protect my file/folder.
>
> BTW, which tricks people can be used to get the other files under
> /home/lina/public_html ?

You realise that this requires your home directory to be readable by
other users (which is the default)? There's always the possibility that
there's a bug or security issue through which someone could abuse the
web server to access other files (in your home directory) outside that
sub-directory.


--
Debian testing amd64


Archive: http://lists.debian.org/87a9ww3496.fsf@yun.yagibdah.de
 
09-12-2012, 03:03 PM
lina

web hosting server files

On Tuesday 11,September,2012 11:37 PM, Denis Witt wrote:
> On Tue, 11 Sep 2012 23:27:08 +0800
> lina <lina.lastname@gmail.com> wrote:
>
>> I am not clear how to password protect my file/folder.
>
> Hi Lina,
>
> assuming the server is running Apache follow this howto:
> http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/
>
> The Apache config has to allow AuthConfig (AllowOverride AuthConfig)
> for the directory you want to protect, but it's very unusual to
> disallow this.

Hi,

Thanks for the link, I followed it and built the .htpasswd and .htaccess

Ha ... it does not work as I expected. Is it due to

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None

in /etc/httpd/conf/httpd.conf ?

Thanks again,

Best regards,

>
> Best regards
> Denis Witt
>
>


Archive: http://lists.debian.org/5050A431.1010802@gmail.com
 
09-12-2012, 04:22 PM
Camaleón

web hosting server files

On Wed, 12 Sep 2012 23:03:13 +0800, lina wrote:

> On Tuesday 11,September,2012 11:37 PM, Denis Witt wrote:
>> On Tue, 11 Sep 2012 23:27:08 +0800
>> lina <lina.lastname@gmail.com> wrote:
>>
>>> I am not clear how to password protect my file/folder.
>>
>> Hi Lina,
>>
>> assuming the server is running Apache follow this howto:
>> http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/
>>
>> The Apache config has to allow AuthConfig (AllowOverride AuthConfig)
>> for the directory you want to protect, but it's very unusual to
>> disallow this.
>
> Thanks for the link, I followed it and built the .htpasswd .htaccess
>
> Ha ... not works as I expected. is it due to
>
> # AllowOverride controls what directives may be placed in .htaccess files.
> # It can be "All", "None", or any combination of the keywords:
> # Options FileInfo AuthConfig Limit
> #
> AllowOverride None
>
> in /etc/httpd/conf/httpd.conf ?

Most likely... More reading:

http://httpd.apache.org/docs/2.2/howto/auth.html

Greetings,

--
Camaleón


Archive: http://lists.debian.org/k2qcs5$3v1$14@ger.gmane.org
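
The AllowOverride question raised in the last two messages, worked through as an added example that is not part of the original thread: a small Python check that reads an httpd.conf and reports whether auth directives in a directory's .htaccess would be honoured. It is a simplified model (plain `<Directory>` blocks only, no Include handling); the function names and the BEFORE/AFTER sample configs are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample in the style of a stock httpd.conf (not the poster's real file).
BEFORE = """
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
"""
# Same file after the server admin permits auth directives in user web dirs.
AFTER = BEFORE + """
<Directory "/home/*/public_html">
    AllowOverride AuthConfig
</Directory>
"""

def directory_overrides(conf):
    """Yield (path_pattern, keywords) for each AllowOverride inside a <Directory> block."""
    current = None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = opened.group(1)
        elif line.lower() == "</directory>":
            current = None
        elif current and line.lower().startswith("allowoverride "):
            yield current, line.split()[1:]

def parts(path):
    return [p for p in path.split("/") if p]

def effective_override(conf, target, default=("All",)):
    """Apply matching sections from shortest to longest path; the last one wins.
    default=("All",) is the Apache 2.2 built-in value when nothing matches."""
    hits = []
    for order, (pattern, keywords) in enumerate(directory_overrides(conf)):
        pp, tp = parts(pattern), parts(target)
        if len(pp) <= len(tp) and all(fnmatch.fnmatchcase(t, p) for p, t in zip(pp, tp)):
            hits.append((len(pp), order, keywords))
    return sorted(hits)[-1][2] if hits else list(default)

def htaccess_auth_outcome(conf, target):
    """What happens to AuthType/Require lines placed in target/.htaccess."""
    allowed = {k.lower() for k in effective_override(conf, target)}
    if allowed == {"none"}:
        return "ignored"   # .htaccess is never read, so the files stay public
    if allowed & {"all", "authconfig"}:
        return "enforced"  # the password prompt takes effect
    return "error"         # directive not allowed here: requests fail with 500
```

With `AllowOverride None` in effect the result is "ignored", which is the case to watch for: the .htaccess file looks correct on disk but the files remain readable by anyone who has the URL.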
 
