July 22, 2005 (This post is more than 2 years old.)

How NOT To Do Directory Security

Recently a coworker noticed a web site where the owners had forgotten to secure their administration folder. (He was able to get to the folder by guessing.) He immidiately emailed them to let them know about the problem.

The site promptly closed up the directory.... but only if you requested http://theirurl/thefolder. If you went to http://theirurl/thefolder/default.aspx, you could still get right in.

Something you may want to check on your own sites!

Support this Content!

If you like this content, please consider supporting me. You can become a Patron, visit my Amazon wishlist, or buy me a coffee! Any support helps!

Want to get a copy of every new post? Use the form below to sign up for my newsletter.

Raymond Camden

How NOT To Do Directory Security

Support this Content!

Webmentions