Tilted Forum Project Discussion Community

Tilted Forum Project Discussion Community (https://thetfp.com/tfp/)
-   Tilted Technology (https://thetfp.com/tfp/tilted-technology/)
-   -   PHP/HTML indexing? (https://thetfp.com/tfp/tilted-technology/57148-php-html-indexing.html)

k_day64 05-28-2004 03:32 AM
PHP/HTML indexing?
 
Is there a way with PHP to generate HTML of an index?

Lets say there are 50 files in root/goat_cheese/ and I dont like having indexing turned on. How do I get PHP to output an HTML file that lists these 50 files without letting someone know the dir name.

It would be a nice security feature.

~k_day64

Fallon 05-28-2004 05:01 AM
Crap, this is in one of my books on how to do it.
Here's a recursive one:
http://www.phpbuilder.com/snippet/do...snippet&id=747
Here's another:
http://www.phpbuilder.com/snippet/do...snippet&id=726
I'm sure with a little tweaking, you could get either to work.

Silvy 05-28-2004 07:41 AM
Quote:
Originally posted by k_day64
It would be a nice security feature.

~k_day64
Hmm, sounds like "security through obscurity" which by itself is a Bad Thing (tm).

What security concerns do you have?

k_day64 05-28-2004 09:02 AM
Quote:
Originally posted by Silvy
Hmm, sounds like "security through obscurity" which by itself is a Bad Thing (tm).

What security concerns do you have?
I dont like the thought of ppl knowing my dir structure becasue it is based of the FTP users and I dont want their logins know.

~k_day64

cthulu23 05-28-2004 01:21 PM
Quote:
Originally posted by k_day64
I dont like the thought of ppl knowing my dir structure becasue it is based of the FTP users and I dont want their logins know.

~k_day64
You can use PHP's directory functions to open any directory that the webserver user has read access to, including dirs outside of the web root. Open a directory, get a listing of files, then return that listing without naming the directory. If you're worried about your interpreter going belly up and spewing out your raw code (with file paths and all), you can also put your directory parsing functions in a file outside of your web root and "include" that file in your script. Even if your PHP code is readable, they'll get no directory names.

Hopefully I understood your concerns and this advice is helpful.

ibis 06-05-2004 07:13 PM
Depending if you have enough access rights to your server, you could set up your server to automatically use the forementioned code instead of the "No directory listing allowed" html.

manalone 06-10-2004 01:19 AM
Quote:
Originally posted by Silvy
Hmm, sounds like "security through obscurity"
Well, actually, it's not, really. Security through obscurity refers to closed-source methods, not by using tried-and-tested techniques to secure something.

Quote:
which by itself is a Bad Thing (tm).
Arguably not. The NSA Tier 1 algorithms are apparently pretty good. All that we know about them is an estimate of key and block size, as well as a name.
So, it's a question of resources, if you have a larger budger than the CIA and more computing power than 20 earth simulators, then you're likely safe to stick to closed source :)
Quote:

What security concerns do you have?
Well, he doesn't want people poking around his directories, which is fair, particularly if he has stored passwords for php or something.

anyway, my solution would be to remember to use dud index.html in all sub directories as well, because image urls and things reveal part of the directory structure.

It all depends what level you're aiming for. If you really want to go for it, you could use a keyed method for generating urls (the key in php, with the links opened in js).


All times are GMT -8. The time now is 06:11 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37