index files and directory listing

index files and directory listing

- Séverin Terrier の投稿
返信数: 4
画像 Documentation writers 画像 Particularly helpful Moodlers 画像 Testers 画像 Translators
Hello,

in Moodle, some directories have useful index.php files (files/, group/, admin/, ...), some other have index.html files, just to avoid directory listing (enrol/, filter/, lib/, ...).

But there are also some other directories that have no index.* file (calendar/, question/, ...)

Wouldn't it be more logic to adopt the same thing everywhere, to avoid directory listing ?

Séverin
評点平均: -
Séverin Terrier への返信

Re: index files and directory listing

- Nicolas Martignoni の投稿
画像 Core developers 画像 Documentation writers 画像 Particularly helpful Moodlers 画像 Plugin developers 画像 Testers 画像 Translators
Hi Séverin,
I had the same feeling: see MDLSITE-183.
評点平均: -
Nicolas Martignoni への返信

Re: index files and directory listing

- Séverin Terrier の投稿
画像 Documentation writers 画像 Particularly helpful Moodlers 画像 Testers 画像 Translators
Hi Nicolas,

i know there's nothing really serious about security, and people shouldn't see these type of URLs, but just don't understand why some directories have index.html file (even void), and some other don't...
評点平均: -
Séverin Terrier への返信

Re: index files and directory listing

- Eloy Lafuente (stronk7) の投稿
画像 Core developers 画像 Documentation writers 画像 Moodle HQ 画像 Peer reviewers 画像 Plugin developers 画像 Testers
Hi Séverin,

if I'm not wrong... only directories able to contain "plugins" are protected from listing by using those index.html files.

For example modules, blocks, filters, authentication and enrolment methods...

That will prevent public disclosure about what custom (contrib, own...) modules are being used in your site.

The rest is, simply, Moodle. And everybody can see its contents by downloading it. So it isn't protected.

Ciao 笑顔

評点平均: -