index files and directory listing

index files and directory listing

Séverin Terrier
Number of replies: 4
Documentation writers 사진 Particularly helpful Moodlers 사진 Testers 사진 Translators 사진
Hello,

in Moodle, some directories have useful index.php files (files/, group/, admin/, ...), some other have index.html files, just to avoid directory listing (enrol/, filter/, lib/, ...).

But there are also some other directories that have no index.* file (calendar/, question/, ...)

Wouldn't it be more logic to adopt the same thing everywhere, to avoid directory listing ?

Séverin
평균 등급 : -
In reply to Séverin Terrier

Re: index files and directory listing

Nicolas Martignoni
Core developers 사진 Documentation writers 사진 Particularly helpful Moodlers 사진 Plugin developers 사진 Testers 사진 Translators 사진
Hi Séverin,
I had the same feeling: see MDLSITE-183.
평균 등급 : -
In reply to Nicolas Martignoni

Re: index files and directory listing

Séverin Terrier
Documentation writers 사진 Particularly helpful Moodlers 사진 Testers 사진 Translators 사진
Hi Nicolas,

i know there's nothing really serious about security, and people shouldn't see these type of URLs, but just don't understand why some directories have index.html file (even void), and some other don't...
평균 등급 : -
In reply to Séverin Terrier

Re: index files and directory listing

Eloy Lafuente (stronk7)
Core developers 사진 Documentation writers 사진 Moodle HQ 사진 Peer reviewers 사진 Plugin developers 사진 Testers 사진
Hi Séverin,

if I'm not wrong... only directories able to contain "plugins" are protected from listing by using those index.html files.

For example modules, blocks, filters, authentication and enrolment methods...

That will prevent public disclosure about what custom (contrib, own...) modules are being used in your site.

The rest is, simply, Moodle. And everybody can see its contents by downloading it. So it isn't protected.

Ciao 미소

평균 등급 : -