[Volunteers] [svlug] nifties listing?

Rick Moen rick at linuxmafia.com
Wed Oct 12 15:49:05 PDT 2005


Quoting Bill Ward (bill at wards.net):

> I've never understood why people think it's a security hole to not allow the
> built-in Apache directory listing. I'm tempted to enable it, at least for
> this directory, or to AllowOverride it so that Rick can put it in a
> .htaccess file. Anyone have a strong opinion about it?

Sounds reasonable.  

My own view is that your temptation's a good one.  ;-> 

Having to do the other stuff is a bit baroque, and (in my view) it's
smarter over the long term to just have autoindexing enabled globally 
and not put stuff in document trees' known directories that you
aren't willing to have the public find.

(Occasionally, I hear that someone's "discovered" that
ftp://linuxmafia.com/ shows them directories that are "hidden" when
they use http-type URLs on account of index.{html|htm|php} files.  
This is a little amusing because those are intentionally public.)





More information about the volunteers mailing list