On my website, I have several html files I do not link off the main portal page. Without other people linking to them, is it possible for Jimmy Evil Hacker to find them?
+2
A:
Your talking about security through obscurity (google it) and it's never a good idea to rely on it.
flukus
2008-10-22 05:17:28
+5
A:
If anyone accesses the pages with advanced options turned on on their Google toolbar, then the address will be sent to Google. This is the only reason I have can figure out why some pages I have are on Google.
So, the answer is yes. Ensure you have a robots.txt or even .htaccess or something.
Darryl Hein
2008-10-22 05:18:20
ugh monkeybums. OK.
Paul Nathan
2008-10-22 05:27:48
Well it would be useful if you are in their position if you want to know about every page on the Internet. (Plus it's in the disclaimer.)
Darryl Hein
2008-10-22 05:45:58
The problem with a robots.txt is that someone looking for holes in your obscurity-security system will likely check there first.
Frank Schmitt
2008-10-22 06:57:11
@Frank Schmitt: this is very true. So the best is to put some other kind of blockage on it, such as password.
Darryl Hein
2008-10-23 02:39:30
+3
A:
Hidden pages are REALLY hard to find.
First, be absolutely sure that your web server does not return any default index pages ever. Use the following everywhere in your configuration and .htaccess files. There's probably something similar for IIS.
Options -Indexes
Second, make sure the file name isn't a dictionary word -- the odds of guessing a non-dictionary word fall to astronomically small. Non-zero, there's a theoretical possibility that someone, somewhere might patiently guess every possible file name until they find yours. [I hate these theoretical attacks. Yes, they exist. No, they'll never happen in your lifetime, unless you've given someone a reason to search for your hidden content.]
S.Lott
2008-10-22 09:51:06