Security Crisis

Name: lpranal
Date: August 9, 2004 at 09:29:24 Pacific
OS: XP
CPU/Ram: p4
Comment:

I want to set up a site where users can access specific subfolders that I give them the addresses to, but want to prevent them from

A) getting a list of all the folders
B) having people guess at folder names and getting into the others

Now, I'm not concerned with hackers per se, just stopping people from "browsing" these folders. Since these folders are all named by job number, one could theoretically figure out the names of the other folders and just type that in their browser and access them. Instead, I could add some random digits to the end of the folder name, keeping people from merely guessing at other folders. My only question is, what length would someone have to go to get a main directory listing even if there is a blank index.htm at the main folder? Would this be enough to stop most casual browsers? (This site had previously had NO index.html... anyone could get a listing of the folders!!) I would assume that the longer the folder name, the harder it would be to "brute force" the folder names?




Response Number 1
Name: Laler
Date: August 9, 2004 at 10:59:55 Pacific
Reply:

/snip
Would this be enough to stop most casual browsers
/snip

yes, but it's strongly related to the content of your site... if it's interesting enough for someone then they'll try anything to look at those folders :D

and also by assuming that you're not for example asking them to pay for a subscription...

because, unless you protect "the" folders on the server level, people can still 'browse' anything within that folder...

to not do it on the server level, you can set up some kind of membership system... basically, on each file you'll check for the user level... if the user has access to that folder (job type in your case) then show them the file, else, redirect them somewhere else... this needs server-side scripting like PHP

:)

^o^
are you in Asia? do you watch Animax Asia? Please Vote


0

Response Number 2
Name: lpranal
Date: August 9, 2004 at 11:15:26 Pacific
Reply:

No, it's nothing on the level of a pay-for-subscription type of thing, it's just information of interest to certain people (competition), who aren't very clever I might add. My main concern is how hard it would be for someone to see a main directory listing (it's fine if someone can see the directory listing of the directory they are given, since that folder will be for that folder only).



0

Response Number 3
Name: FBI Agent
Date: August 9, 2004 at 12:09:51 Pacific
Reply:

Well, if it's just kind of private and you don't want anyone but those people from that specific job type to get in there, you could add an .htaccess file, assuming you have the Apache web server.

FBI Agent

AIM: EliteAssassin187


0

Response Number 4
Name: Laler
Date: August 9, 2004 at 14:02:16 Pacific
Reply:

/snip
No, it's nothing on the level of a pay-for-subscription type of thing, it's just information of interest to certain people (competition), who aren't very clever I might add. My main concern is how hard it would be for someone to see a main directory listing
/snip

then I'll say creating the unusual folder names is enough :)

but if you didn't put some kind of authorization, then I think everyone can also get the folder names by following through the scheme? :)

^o^
are you in Asia? do you watch Animax Asia? Please Vote


0

Response Number 5
Name: lpranal
Date: August 9, 2004 at 19:26:23 Pacific
Reply:

Thanks for the input. And yes, I do have a plan for the "scheme", which is to make the folder names contain random "garbage" characters. I'd like to see someone figure out THAT scheme =D


0
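The random-suffix scheme discussed in this thread, as an added example that is not code from any of the posters: it builds folder names from a job number plus a suffix drawn from the operating system's CSPRNG and shows how suffix length changes the number of guesses needed. The job number `4021`, the 36-character alphabet and the 10 requests per second guessing rate are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed alphabet: lowercase letters and digits, all safe in a URL path.
ALPHABET = string.ascii_lowercase + string.digits


def folder_name(job_number: str, suffix_len: int = 16) -> str:
    """Return '<job>-<suffix>' with the suffix taken from the OS CSPRNG."""
    suffix = "".join(secrets.choice(ALPHABET) for _ in range(suffix_len))
    return f"{job_number}-{suffix}"


def suffix_bits(suffix_len: int) -> float:
    """Entropy of the suffix in bits: length * log2(alphabet size)."""
    return suffix_len * math.log2(len(ALPHABET))


def expected_guesses(suffix_len: int) -> float:
    """Average tries to find one folder when the job number is already known
    and every possible suffix is tried once, in any order."""
    return (len(ALPHABET) ** suffix_len + 1) / 2


def expected_days(suffix_len: int, requests_per_sec: float) -> float:
    """Convert the average number of guesses into days at a fixed request rate."""
    return expected_guesses(suffix_len) / requests_per_sec / 86400


if __name__ == "__main__":
    print("example folder:", folder_name("4021"))  # constructed job number
    for n in (4, 8, 16):
        print(f"{n:2d} chars  {suffix_bits(n):5.1f} bits  "
              f"{expected_days(n, 10):.3g} days at 10 req/s")
```

The suffix only keeps a folder from being guessed; anyone who obtains the full address still gets in, which is what the .htaccess and per-user check suggested in the replies address.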
