Today’s tutorial falls into the category of “security reminder” to do with web hosting, and specifically, today, Apache web hosting.
When you open a new public directory on your website and populate it with media files, for example, don’t forget that those media files, alone, in that directory, can be a security weakness. Why is that? That is because if somebody managed to place, in the case of Apache, an index.htm or index.html file there, then they could perhaps “hack” their way into having the launching pad to place an entire web application there, in the worst case scenario.
So the message here is fairly simple. In between you (s)ftp’ing media files across and settling on the (makeup of) HTML/PHP files to access and use those media files (or even if you have no plans this way), remember to, for the meantime, have, also, in this new folder an index.html (and maybe also good to have index.htm) that are perfectly useful, even, as empty files, that sit there protecting your site until you come along later, and “clobber” them, as required, with real programming files. The other choice is to (s)ftp all at once, of course.
We constantly use the Firefox add-on called FireFTP for this purpose and find that it is really easy to use the (equivalent of Windows right-click) option called “Create File” at the right-hand remote client window (ie. the live web server at the www.rjmprogramming.com.au domain), and name the file “index.html” (and perhaps do the same for “index.htm”).
You can see (the end result of) this simple piece of security advice, in action, in our tutorial today (though it is better to open the post and hover over the picture to see the “twirly” slideshow, for getting the full context). Please note that wherever we mention “index.” above for Apache, on a .Net web hosting that might be “default.” (for default.html and default.htm), as the default folder “goto” HTML filename (when none are mentioned specifically in a URL).
If this was interesting you may be interested in this too.
6 Responses to FireFTP Create File Primer Tutorial