index files and directory listing

index files and directory listing

Séverin Terrier發表於
Number of replies: 4
Documentation writers的相片 Particularly helpful Moodlers的相片 Testers的相片 Translators的相片
Hello,

in Moodle, some directories have useful index.php files (files/, group/, admin/, ...), some other have index.html files, just to avoid directory listing (enrol/, filter/, lib/, ...).

But there are also some other directories that have no index.* file (calendar/, question/, ...)

Wouldn't it be more logic to adopt the same thing everywhere, to avoid directory listing ?

Séverin
評比平均分數: -
In reply to Séverin Terrier

Re: index files and directory listing

Nicolas Martignoni發表於
Core developers的相片 Documentation writers的相片 Particularly helpful Moodlers的相片 Plugin developers的相片 Testers的相片 Translators的相片
Hi Séverin,
I had the same feeling: see MDLSITE-183.
評比平均分數: -
In reply to Nicolas Martignoni

Re: index files and directory listing

Séverin Terrier發表於
Documentation writers的相片 Particularly helpful Moodlers的相片 Testers的相片 Translators的相片
Hi Nicolas,

i know there's nothing really serious about security, and people shouldn't see these type of URLs, but just don't understand why some directories have index.html file (even void), and some other don't...
評比平均分數: -
In reply to Séverin Terrier

Re: index files and directory listing

Eloy Lafuente (stronk7)發表於
Core developers的相片 Documentation writers的相片 Moodle HQ的相片 Peer reviewers的相片 Plugin developers的相片 Testers的相片
Hi Séverin,

if I'm not wrong... only directories able to contain "plugins" are protected from listing by using those index.html files.

For example modules, blocks, filters, authentication and enrolment methods...

That will prevent public disclosure about what custom (contrib, own...) modules are being used in your site.

The rest is, simply, Moodle. And everybody can see its contents by downloading it. So it isn't protected.

Ciao 微笑

評比平均分數: -