index files and directory listing

index files and directory listing

Séverin Terrier -
回帖数:4
Documentation writers的头像 Particularly helpful Moodlers的头像 Testers的头像 Translators的头像
Hello,

in Moodle, some directories have useful index.php files (files/, group/, admin/, ...), some other have index.html files, just to avoid directory listing (enrol/, filter/, lib/, ...).

But there are also some other directories that have no index.* file (calendar/, question/, ...)

Wouldn't it be more logic to adopt the same thing everywhere, to avoid directory listing ?

Séverin
平均分: -
回复Séverin Terrier

Re: index files and directory listing

Nicolas Martignoni -
Core developers的头像 Documentation writers的头像 Particularly helpful Moodlers的头像 Plugin developers的头像 Testers的头像 Translators的头像
Hi Séverin,
I had the same feeling: see MDLSITE-183.
平均分: -
回复Nicolas Martignoni

Re: index files and directory listing

Séverin Terrier -
Documentation writers的头像 Particularly helpful Moodlers的头像 Testers的头像 Translators的头像
Hi Nicolas,

i know there's nothing really serious about security, and people shouldn't see these type of URLs, but just don't understand why some directories have index.html file (even void), and some other don't...
平均分: -
回复Séverin Terrier

Re: index files and directory listing

Eloy Lafuente (stronk7) -
Core developers的头像 Documentation writers的头像 Moodle HQ的头像 Peer reviewers的头像 Plugin developers的头像 Testers的头像
Hi Séverin,

if I'm not wrong... only directories able to contain "plugins" are protected from listing by using those index.html files.

For example modules, blocks, filters, authentication and enrolment methods...

That will prevent public disclosure about what custom (contrib, own...) modules are being used in your site.

The rest is, simply, Moodle. And everybody can see its contents by downloading it. So it isn't protected.

Ciao 微笑

平均分: -