I’ve heard this many and many times: “create a index.php on every folder in your web server to make sure users will not see a list of files in the folders”
is that true? I’m in need of some good pratices for security.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’ve heard this many and many times: “create a index.php on every folder in your web server to make sure users will not see a list of files in the folders”
is that true? I’m in need of some good pratices for security.
Short answer: No.
Long answer: Yes.
Having a default document may indeed prevent a directory listing to be outputted, but:
So while you’re right, it is easy to forget a directory, and a lot of work to create all those files. And it only protects your from listing, and only if index.html is indeed the default document name (again: server configuration). It doesn’t prevent any direct access to your script, so please please please use a more proper security.