Hide webpage file with random folder and SSL?

views:

answers:

Hide webpage file with random folder and SSL?

Does an SSL request show the page being requested or just the domain?

I am trying to hide files in a directory on a webserver by using random folder names. i.e. https://www.mydomain.com/DKSLW3020SLK43J9S0935KJSLK350S9/MyFile.pdf

The random folder name providing the security instead of a password. The risk of this is any third party intercepting router hops to see the page request and then the hidden folder is not so hidden.

If is access it using SSL is the SSL connection made to mydomain.com first, then the page requested or will a snooper see the entire:

/DKSLW3020SLK43J9S0935KJSLK350S9/MyFile.pdf

ending of the request made?

Thanks for your help!

If you mean HTTPS, then the snooper will see nothing at all; just the address of the site to which the user is connecting.

Try it yourself using a HTTP sniffer like Fiddler. (Fiddler has an option to decrypt HTTPS, but this is not possible for a snooper.)

bzlm 2009-11-03 22:15:17

Yes, SSL will protect the URL from third parties.

ceejayoz 2009-11-03 22:15:52

+2 A:

A normal man-in-the-middle attack will not see the full URL. However, your end user might choose to pass around the URL. Is that a concern?

Aric TenEyck 2009-11-03 22:19:05

Also, keep in mind that any hyperlinks FROM that file to another secure site will expose your "secret" URL in the HTTP Referer header.

EricLaw -MSFT- 2009-11-03 23:52:31

ansaurus

tags:

views:

answers:

Hide webpage file with random folder and SSL?

related questions