Larry Ullman's Book Forums

Chapter 2 - "Site Structure" Sidebar



Guest Deleted

This is on page 50.

 

Anyhoo near the bottom of the sidebar it says, "Further, I suggest that you use your own personalized folder names for security purposes. Any time that a malicious user is blind to the names of folders and documents, the better."

 

I've been given advice several times before but I always wondered how this would help. If a hacker breaks into your server wouldn't they just have to type dir to see all folder and file names in a particular directory? My server doesn't have oodles and oodles of directories so it shouldn't take too long to figure out where my framework's system and application folders are.

 

Now granted I DID give those two folders alternative names, but I didn't bother giving the libs, controllers, models, etc. folders alternative names. I thought that would be really confusing and not for much security benefit.

 

So yeah, what do you guys think? (Not trying to sound like I know everything or anything... I don't; I'm just trying to understand how having obscure folder names helps.)


If a hacker breaks into your server, then you're already in trouble and the names of your directories are meaningless. But take, for example, this forum. The default admin directory is "admin". As that's an obvious choice, it'd be easy for hackers to go to the admin directory in their browser and then see if they can use an attack to gain access (e.g., trying different username/password combinations). As it's obvious that my username is "Larry", and I am an administrator, all a hacker would have to do is guess my password.

 

So I've changed the name of the admin directory to something else, which prevents this from being an issue. There are other security measures, sure, and ones you should implement, but this is an easy thing to do and every little bit helps.

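Larry's reply above describes the risk of a guessable admin directory: an attacker can go straight to /admin and try username/password combinations. As an added example (not from the forum thread or from the forum software), here is a small Python script that scans constructed Apache-style access log lines for repeated login POSTs to the admin path from one client, the kind of check a defender can run alongside renaming the directory. It assumes a hypothetical application that answers a failed login with 200 (form re-rendered) and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict

# Constructed sample log lines in Apache combined format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /admin/login.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /admin/login.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "POST /admin/login.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:43 +0000] "POST /admin/login.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:44 +0000] "POST /admin/login.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields we need from the combined log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict of the fields above, or None for a line that is not an access-log record."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def count_admin_login_attempts(log_text, admin_prefix="/admin/", failed_status="200"):
    """Count, per client IP, POSTs under the admin prefix that came back with the
    'failed login' status. Assumption (hypothetical app): a failed login re-renders the
    form with 200, while a successful login answers with a 302 redirect."""
    attempts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"].startswith(admin_prefix) and rec["status"] == failed_status:
            attempts[rec["ip"]] += 1
    return dict(attempts)


def flag_guessing(log_text, threshold=5):
    """Return the client IPs whose apparent failed admin logins reach the threshold."""
    counts = count_admin_login_attempts(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```

Running `flag_guessing(SAMPLE_LOG)` on the constructed lines reports only 203.0.113.7; the second client logged in once and was redirected, so it is not counted.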

Guest Deleted

Ok, that makes total sense, but what about directories that are below the public_html/ level? When I installed CodeIgniter, the documentation not only told me to put CI's folders below that directory, but it said to change their names to something else. I did, but I never understood how that helped. Perhaps the CI people want you to do it just in case they ever end up in the public_html folder or above? 


Guest Deleted

Ok then we can blame CI's documentation for why I was confused on the value of changing directory names, hehe :)

