At 7:36 AM -0500 3/22/00, Anthony Kirlew wrote: >I have heard much talk of the security issue recently. Here is one way to >get around this. Lets say you have a file called "private". You could put >it in a folder called "icons" (or some other generic name) and then do a >disallow on "/icons" that way you wouldn't be giving away the name of your >private directory. Here is an example:
Right. The real issue is putting sensitive information in filenames/URLs, not exposing URLs. If the filenames are /project12/doc0004.html, then nothing is exposed. The same goes for hostnames. Don't have a machine named "palm-killer" or "wireless-search" unless you want people to know about it. That is why projects use code names. wunder