Starhugger
Posts: 529 Joined: 4/12/2005 Status: offline
Security of directories - 2/3/2008 19:04:48
I'm starting to make private files available for specific people to download (one unique file per person). I'm on a Linux server with CPanel. What I do is I create a directory only for that person and password protect it through CPanel after I've uploaded the files. "Files" being an HTML file that has a link to download the file and instructions to the person for downloading, plus the file itself to be downloaded. The file is zipped and password protected as well.

I also have these personal directories as children off of a parent directory (which is a child of my root directory). The parent directory is listed as blocked in robots.txt. The parent directory is also password protected (only I know the password). The files and directories therein are not linked into my site, other than an HTML file in the parent directory that gives a link to the main Index page, just in case someone wanders in there by accident. These pages and directories are not linked into my FP theme or navigation.

Once I get this all set up, I send the person an email with a link to their personal directory page, along with instructions about their directory password and how to download the file. They click on the link in the email and it takes them to their directory, where they must enter their password to access their webpage with the download link. I ask the person to let me know when they have finished downloading the file, and then I remove the directory and its contents from my website, usually within a couple of hours, and no more than 24 hours later.

My concern is that I don't know if this is reasonably secure or not. Can I relax about security with the way I have this set up? Is this overkill? Could bots and crawly things access a password-protected directory or examine the contents? How easy is it to hack into a directory like that? Would the password-protected parent directory automatically block access to any child directories? How likely is it that email hackers could catch the link and send a bot in there? Am I just being paranoid? (I don't think so, but maybe just a little.)

The file to be downloaded is very personal to the person it's meant for, although of no interest or value to the average bot strolling by, but they probably wouldn't know that just by looking at it. I would like to tell my downloaders that their file is absolutely secure, but I don't want to assume this without knowing for sure. Even if it's unlikely that a bot or person would wander into their directory, I'd prefer to be able to reassure my downloaders that it is not possible.

Thanks for any info or suggestions about this.

Starhugger