Hello,
in Moodle, some directories have useful index.php files (files/, group/, admin/, ...), some other have index.html files, just to avoid directory listing (enrol/, filter/, lib/, ...).
But there are also some other directories that have no index.* file (calendar/, question/, ...)
Wouldn't it be more logic to adopt the same thing everywhere, to avoid directory listing ?
Séverin
Hi Séverin,
I had the same feeling: see MDLSITE-183.
I had the same feeling: see MDLSITE-183.
Hi Nicolas,
i know there's nothing really serious about security, and people shouldn't see these type of URLs, but just don't understand why some directories have index.html file (even void), and some other don't...
i know there's nothing really serious about security, and people shouldn't see these type of URLs, but just don't understand why some directories have index.html file (even void), and some other don't...
Hi Séverin,
if I'm not wrong... only directories able to contain "plugins" are protected from listing by using those index.html files.
For example modules, blocks, filters, authentication and enrolment methods...
That will prevent public disclosure about what custom (contrib, own...) modules are being used in your site.
The rest is, simply, Moodle. And everybody can see its contents by downloading it. So it isn't protected.
Ciao
if I'm not wrong... only directories able to contain "plugins" are protected from listing by using those index.html files.
For example modules, blocks, filters, authentication and enrolment methods...
That will prevent public disclosure about what custom (contrib, own...) modules are being used in your site.
The rest is, simply, Moodle. And everybody can see its contents by downloading it. So it isn't protected.
Ciao
Hi Eloy,
thanks for the explaination
Séverin
thanks for the explaination
Séverin