[英]Can someone know the files inside a directory from outside the server?
I have web application that will store some files inside a directory called items, and each item will have it's own directory. 我有一个Web应用程序,该应用程序会将一些文件存储在名为items的目录中,每个项目都有其自己的目录。
The question is if the directory has an index.html page can anyone knows what the names of files might be ? 问题是目录中是否有index.html页,谁能知道文件名是什么?
more explanation 更多说明
http://www.mysite.com/items/item-734783HH/
inside item-734783HH there will be 2 files 在item-734783HH内部,将有2个文件
-index.html
-secureFile.zip
The secureFile
name will be hashed. secureFile
名称将被散列。 Is there anyway to steal this file from the web ? 无论如何,有从网上窃取此文件的信息吗? that's my real concern
那是我真正的担心
Also, I am using PHP
for copying this file and give it to the user when the purchase is complete. 另外,我正在使用
PHP
复制该文件,并在购买完成后将其提供给用户。
short answer, but only "usually" true: no. 简短的回答,但只有“通常”正确:否。
long version for the short version: if you have an index.html then going to http://www.mysite.com/items/item-734783HH/
will serve up http://www.mysite.com/items/item-734783HH/index.html
instead. 短版的长版:如果您有index.html,则转到
http://www.mysite.com/items/item-734783HH/
将投放http://www.mysite.com/items/item-734783HH/index.html
代替。 Users will not see a directory listing, so they either have to know those files already exist, or guess them. 用户将不会看到目录列表,因此他们要么必须知道那些文件已经存在,要么猜测它们。
actually true answer: only you can tell us. 真正的答案:只有您能告诉我们。 It depends on the server you're using in combination with PHP, and what you've told it to autoresolve to when someone hits a route that does not indicate a file but a directory.
这取决于您将其与PHP结合使用的服务器,以及当有人点击一条不表示文件而是目录的路由时,要服务器自动解析的内容。 It also depends on whether you blacklist/whitelist files based on file patterns, like a "DENY FROM ALL" for files that start with ".", etc.
它还取决于您是否基于文件模式将文件列入黑名单/白名单,例如以“。”开头的文件的“ DENY FROM ALL”(拒绝所有)。
It's probably time to learn more about how your server works. 现在可能是时候进一步了解服务器的工作方式了。 The internet has a lot of good information on that.
互联网上有很多很好的信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.