I
Insecure
What is the best way to restrict or prevent the wholesale
view and http download of files from FP Web folders?
By examining the HTML for a site (or well known
FP 'hidden' folders), the location of most folders can
be easily found and their contents downloaded. For
example, "http://www.xyz.com/images/" will show all the
files in the 'images' folder making it easy to grab the
entire directory.
The same approach works for all folders except the
_private folder since it's permission settings restrict
access - but practically everything else can be
accessed. FP seems to be very touchy about changing
directory permissions when it comes to restricting
access. What is advised?
Sincerely Insecure
view and http download of files from FP Web folders?
By examining the HTML for a site (or well known
FP 'hidden' folders), the location of most folders can
be easily found and their contents downloaded. For
example, "http://www.xyz.com/images/" will show all the
files in the 'images' folder making it easy to grab the
entire directory.
The same approach works for all folders except the
_private folder since it's permission settings restrict
access - but practically everything else can be
accessed. FP seems to be very touchy about changing
directory permissions when it comes to restricting
access. What is advised?
Sincerely Insecure