A reader recently asked me this security question:
If a user enters:
They get a listing of all scripts/files in that directory and they can then select and execute/run those scripts.
This is a real concern for us. Any suggestions?
The solution is to turn off directory browsing in your Apache configuration. To do this, make sure your Apache configuration file (probably httpd.conf or .htaccess) includes this directive:
Options -Indexes
Note that this directive merely prevents people from discovering the names of your files. Users who already know your file names can still access them. But Options -Indexes provides an important layer of security, preventing mischief from casual users who might otherwise stumble onto your file names by accident or design.
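One way to check an existing configuration for this setting, as an added example that is not part of the original article: a small Python lint that reports every Options line that turns directory listings on or off. The sample configuration and its paths are constructed, and the script judges each Options line on its own rather than reproducing Apache's full section merging.

```python
import re
# Constructed sample configuration; paths are illustrative, not from the article.
SAMPLE_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/scripts">
    Options -Indexes
</Directory>
<Directory "/var/www/html/old">
    Options All
</Directory>
<Directory "/var/www/html/static">
    Options FollowSymLinks
</Directory>
"""

OPEN = re.compile(r'<(?:Directory|Location)\w*\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</(?:Directory|Location)\w*\s*>', re.I)

def indexes_state(tokens):
    """True/False if this Options line turns listings on/off, None if it leaves them alone."""
    opts = [t.lower() for t in tokens]
    if "-indexes" in opts or "none" in opts:
        return False
    if any(o in ("indexes", "+indexes", "all") for o in opts):
        return True
    # Options given without +/- replace the inherited set, so Indexes is dropped.
    return None if all(o[0] in "+-" for o in opts) else False

def audit(conf_text):
    """Return [(line_no, scope, enabled)] for each Options line that affects Indexes."""
    findings, scope = [], ["(server)"]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        opened = OPEN.match(raw.strip())
        if opened:
            scope.append(opened.group(1).strip())
        elif CLOSE.match(raw.strip()) and len(scope) > 1:
            scope.pop()
        elif parts[0].lower() == "options" and len(parts) > 1:
            state = indexes_state(parts[1:])
            if state is not None:
                findings.append((no, scope[-1], state))
    return findings
```

Entries with `enabled` set to True are the places to change to Options -Indexes; a scope that never appears in the output inherits its setting from elsewhere and needs checking by hand.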
More information: http://httpd.apache.org/docs/2.2/mod/core.html#options