Jump to content
Xtreme .Net Talk

can someone find pages on a server with no links to them?

fguihen

By fguihen
in ASP.NET

 Share

Recommended Posts

fguihen Newbie

fguihen

Posted
Posted
i have a page or two on a server that interact with a database. they have been disconnected from the main site, so anyone using the site is unaware of the pages. is there a way that someone could, with or without knowing the pages are there, scan the server or check the server for any pages that are not attached to the main site?
  • Leaders
snarfblam Newbie

snarfblam

Posted
  • Leaders
Posted

If it was previously connected to the main page, it could possibly found on a search engine or in any previous visitor's history, or a link or reference, direct or otherwise, to that page might have been missed when they were removed from the main page. If, for any reason at any time, there wasn't a default web page in a folder, a list of all the files in that folder may be displayed. If the name of the page is just a word it could be guessed.

 

Although the last two are not very likely, it is still not very safe to restrict access to a page strictly by not linking to it. Some hacker with nothing to better to do with his time is likely to cause you some hell one of these days if you do.

[sIGPIC]e[/sIGPIC]
fguihen Newbie

fguihen

Posted
  • Author
Posted
If it was previously connected to the main page, it could possibly found on a search engine or in any previous visitor's history, or a link or reference, direct or otherwise, to that page might have been missed when they were removed from the main page. If, for any reason at any time, there wasn't a default web page in a folder, a list of all the files in that folder may be displayed. If the name of the page is just a word it could be guessed.

 

Although the last two are not very likely, it is still not very safe to restrict access to a page strictly by not linking to it. Some hacker with nothing to better to do with his time is likely to cause you some hell one of these days if you do.

 

 

its on a intranet, so it wouldnt be in a search engine.there is always a default page, id say the page name could be guessed, but its not very likely. theres no way someone can "scan" an IIS Box to see what pages it has on it? i wouldnt think so, but i cant be sure. regardless the pages in question are being moved completely

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...