[3521] in WWW Security List Archive
Re: Alta Vista may or may not harvest unadvertised documents
daemon@ATHENA.MIT.EDU (David W. Morris)
Wed Nov 13 03:22:16 1996
Date: Tue, 12 Nov 1996 22:37:08 -0800 (PST)
From: "David W. Morris" <dwm@xpasc.com>
To: Prentiss Riddle <riddle@is.rice.edu>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199611111632.KAA18657@is.rice.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
On Mon, 11 Nov 1996, Prentiss Riddle wrote:
> Regardless of whether the Alta Vista harvester is this aggressive,
> other harvesters (or individual human users) might be, so the prudent
> thing is never to put files in a world-readable web tree that you can't
> afford for the world to see. Other recent RISKS postings include a few
> horror stories on this theme.
True, but almost all of the risk is eliminated if you provide the
index.html or what ever your server requires to block enumeration
of all files in a directory. While the files may still be accessible,
it would take a real guessing game to find the names.
Dave Morris
