Click here to Skip to main content
14,739,403 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I'm running a WCF web app via IIS7.

Inside my application I have a public folder and inside that folder I have files containing rather sensitive information.

Currently, I have Directory Browsing disabled in IIS.
The files names are randomly generated strings of gibberish.

My initial thought was, that since Directory Browsing is disabled, and no-one knows the files' names that no-one should be able to access them.

How safe are my assumptions?

If unsafe, I'll rewrite some code to stream the files to my client instead of referencing directly with a URL like I'm currently doing.

Apparently, not 100% safe... It looks like you understand it yourself.

1 solution

Stream them.
And if they are that sensitive, encrypt them when you store them as well.
Think about it: even if Directory Browsing is disabled, how many people have physical access to the server? Do you know them all?

If you stream them, you can expire requests so they are only valid for a certain period of time as well, preventing spurious copies being taken by URL copying from the client as well.
MatthysDT 7-Mar-13 9:43am
Thanks for the comment. Physically, the server is 100% secure and there are no concerns in that department. The client will be an iOS application. The client-server communication will occur over HTTPS, should I still encrypt the files? My question is more theoretical in nature, I want to know, can such files, theoretically, be accessed by someone who doesn't know what the file names are? Assuming that both the server and clients are physically secure.
[no name] 7-Mar-13 10:02am
The only server the 100% secure is the server that is in a locked room with zero network and zero physical access.
MatthysDT 7-Mar-13 10:04am
I should have known there'd be a comment about my "100% secure" server, I deserve that. My question (in theory) still stands though.
OriginalGriff 7-Mar-13 10:34am
Personally, I would never store sensitive data unencrypted - if nothing else, backups are always vulnerable (and a generally forgotten risk since they are seen as a security measure rather than a back door as well).
Any data stored unencrypted is insecure, by definition. If you encrypt the files, then decrypt them only for transfer then you are minimising the risk at the server end - the client end must take care of itself!
MatthysDT 8-Mar-13 2:55am
O.k, didn't get quite the answer I was looking for, but the general idea is that I should at least encrypt the files, roger that. So answer accepted... thank you!
Can I ask a plain question and hope to get a YES/NO answer from it?
Q: With Directory Browsing disabled, is there any way for an attacker to determine the names of one or more files within an un-browsable directory on that server? (Given that the names are randomly generated, so ignore the possibility of guessing the files names when answering).
OriginalGriff 7-Mar-13 10:38am
And no electricity. :laugh:

I used to work for a company making Tempest VDUs - radiation shielded so they did not radiate even the scan line info for external reading - and the service department hated them. No manuals or recording devices (including pencil and paper) allowed in the room with them, all programmable components such as EPROMs removed before the engineer arrived (despite us writing the software are programming the EPROMs for them) and no electricity supply in the room either.
All they could do was swap every single component and hope it worked afterwards...

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900