Let's say I have an "admin" folder in my public_html and I don't want anybody except me to be able to access it. Let's say that instead of password protecting it (using Apache htaccess) I simply rename it to "admin-7815696ecbf1c96e6894b779456d330e" and then leave it open (with folder indexes disabled, obviously)?

People usually panic at such a "solution" because it seems very vulnerable. But is it really any worse than password protecting? I can't think of any major security risks compared to password protecting. Would anybody ever be able to find out the name of the folder?

Bad idea - It's essentially security by obscurity.

This is the kind of thing you'd use to protect a phpBB /install/ folder during an install, but not as a permanent solution.

For a personal site, it's probably OK - but only you know the value of what you're protecting. One thing to be careful about is if you have web pages in that directory that link to external sources - by following a link to one of those external URLs you'll (most likely) spread your "secret" URL in the HTTP Referrer header. Also, it only takes a link to your "secret" URL and robots and bots might be all over it, and then it's in the search engines. So, be careful!

Yes, it's an awful idea.

If you don't use a password, others won't treat it as such.

For instance, your browser will cache that URL in the history. It will not do this instantly for passwords (at least not Opera).

How about their email list permission? How about internet hops? They'll see your URL.

Should you start on offer the safety system, the safety system will not know you need to be secure.


Another way to think of it: when software sees your password it goes, "This is a security issue and I will treat it as such." But for URLs, it goes, "Meh, another piece of data."

Contrary to what others have said, this is not security through obscurity, and depending on how the random folder name is assigned, and how that name is kept secure, this can be a very secure solution.

First, choose the folder name from a large "space". Judging by the size of the number in the question, it looks like that's been done. Personally, I'd choose a number at random in a range up to between 2^112 and 2^128, then encode it to text using hexadecimal (base-64 works in some contexts, but it's not handy for directory names).

The random component should be chosen from a cryptographic-quality random number generator.

Then, protect the random name by transmitting and storing it only on secure media. This means, for example, only accessing the contents of the directory over HTTPS. Without SSL, a man-in-the-middle would discover the secret directory name and have unrestricted access.

If this is done by the webmaster for their own use only, it's a quick and easy solution. If multiple parties need access to the directory, user names and passwords (which should also be sent only over a secure channel) quickly become more convenient because privileges can be granted only by the webmaster and can be suspended without affecting other users.
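An added example, not part of the answer above: it generates a folder name the way that answer describes (CSPRNG, 128 bits, hex) and scans access-log lines for requests to the folder from anyone but the owner, which is the sign that the name has leaked as the earlier answers warn. The function names, log lines and IP addresses are constructed for illustration; the folder name is the one from the question.

```python
import re
import secrets

# Apache/nginx "combined" log line: client IP, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def new_folder_name(prefix="admin", bits=128):
    """Return '<prefix>-<hex>' with the hex part taken from the OS CSPRNG."""
    if bits % 8 or bits < 112:
        raise ValueError("bits must be a multiple of 8 and at least 112")
    return f"{prefix}-{secrets.token_hex(bits // 8)}"

def leaked_hits(log_lines, folder, owner_ips):
    """List (ip, path, status) for requests under /<folder> not from the owner."""
    root = "/" + folder
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        in_folder = path == root or path.startswith(root + "/")
        if in_folder and ip not in owner_ips:
            hits.append((ip, path, int(status)))
    return hits

# Folder name from the question; log lines and IPs are constructed samples.
FOLDER = "admin-7815696ecbf1c96e6894b779456d330e"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    f'"GET /{FOLDER}/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] '
    f'"GET /{FOLDER}/index.php HTTP/1.1" 200 2048 "-" "ExampleBot/1.0"',
    '203.0.113.5 - - [01/Jan/2024:10:06:00 +0000] '
    '"GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("new name:", new_folder_name())
    for hit in leaked_hits(SAMPLE_LOG, FOLDER, {"192.0.2.10"}):
        print("unexpected client:", hit)
```

Any hit from a client other than the owner means the name is no longer secret, and the folder should be renamed or put behind real authentication.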