Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
HELP with Virtual FOLDER
- Thread starter appsci
- Start date
You need to enable directory browsing on the server. Then link to the images folder:
<a href="/images/">Images Here</a>
As long as there is no "default" document (index.htm, default.asp, etc) file in there, this will allow the user to browse.
This will list all the image file names for the user to click and view.
You could always fake it with little folder images and link to each image individually.
DeZiner
Never be afraid to try something new.
Remember that amateurs built the Ark.
Professionals built the Titanic
<a href="/images/">Images Here</a>
As long as there is no "default" document (index.htm, default.asp, etc) file in there, this will allow the user to browse.
This will list all the image file names for the user to click and view.
You could always fake it with little folder images and link to each image individually.
DeZiner
Never be afraid to try something new.
Remember that amateurs built the Ark.
Professionals built the Titanic
- Thread starter
- #3
Whoah there big guy. Very dangerous enabling directory browsing security wise. I use ASp code to show the contents of a Directory thereby showing pics in it.The default.asp page in the folder I wish to show the files(pics)is the folowing. That way I don't have to enable directory browsing. If you enable directory browsing you are very open to attack.
Code:
<%
If request.cookies("Client")<>"Yes" then
Response.redirect "[URL unfurl="true"]http://www.your_domain.com/PicsPw2.htm"[/URL]
Else
Response.write " <h2> Click the links below to view the pics. </h2>"
Dim objFS, objFolder, strPhysPath, strScrNam, strThisFold, File, Folder
Set objFS = Server.CreateObject("Scripting.FileSystemObject")
strPhysPath = Request.ServerVariables("APPL_PHYSICAL_PATH")
strScrNam = Request.ServerVariables("SCRIPT_NAME")
strThisFold = strPhysPath & Left(strScrNam,InstrRev(strScrNam,"/")-1)
Set objFolder = objFS.GetFolder(strThisFold)
'For each Folder in objFolder.Subfolders ****commented out because there are no subfolders
' Response.Write(VbCrLf & "<a href='" & Folder.Name & "'><b>" & Folder.Name & "</b></a><br />")
'Next
Response.Write(VbCrLf & "<dl>")
For each File in objFolder.Files
Response.Write(VbCrLf & "<dd><a href='" &"PicsOct\" & File.Name & "'>" & File.Name & "</a></dd>")
Next
Response.Write(VbCrLf & "</dl>")
end if%>[code]glenmac,
Open to attack from who and how?
Directory listings can be enabled on a directory by directory basis, you do not need to enable them server-wide.
Even server-wide enabling doesn't really make you any more vulnerable if your server is already configured incorrectly as it would have to be to pose a security threat from someone browsing a directory.
Hope this helps
Wullie
The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
Open to attack from who and how?
Directory listings can be enabled on a directory by directory basis, you do not need to enable them server-wide.
Even server-wide enabling doesn't really make you any more vulnerable if your server is already configured incorrectly as it would have to be to pose a security threat from someone browsing a directory.
Hope this helps
Wullie
The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
takes you up a directory and if you're server is not set up properly you can get to the root dir giving the attacker access to your machine, using either a dictionary attack, dos attack or possibly planting a trojen. These script kiddy tools are readily available on the net. I beleive that it's best to secure your machine as much as possible, so if there's another way of giving people access to the contents of a directory in webspace other than directory browsing I use it. It's just my opion though.
Glen,
This would only be a security threat if the server software was about 10 years old.
Hope this helps
Wullie
The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
This would only be a security threat if the server software was about 10 years old.
Hope this helps
Wullie
The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
- Status
Similar threads
- Locked
- Question
- Locked
- Question