What’s the purpose of Protected Directories

Adrrrrien · January 4, 2024, 1:21am

Website URL

http://adrianvic.rf.gd/

I don’t know if I should post this on Informal or Hosting Support.

so, I resolved to try Protected Directories on my website and it works pretty well, but I’m a little confused about it’s purpose, like, in InfinityFree’s ToS is stated that the server storage should only be used to store files that are in some way shown to the user, so why there’s an option to prevent users from accessing it, I know I can embed protected files in my pages, but it will now be accessible (breaking the “Protected”) - So, what’s the purpose?
Thanks for any attention.

Greenreader9 · January 4, 2024, 1:25am

You could use it to protect an admin area if you have a custom built CMS so only you can access it in order to edit the rest of your site for example.

Adrrrrien · January 4, 2024, 1:30am

Thank you, even it’s pretty common to CMSs to have a built-in login system I can understand it’s use for a self made CMS.

Greenreader9 · January 4, 2024, 2:01am

That’s one example (That I came up with in the moment), it has many uses

anon95807532 · January 4, 2024, 4:11am

Hi Adrrrrien,

There are a lot of cases where this comes in handy, but the general idea is to selectively provide access to files, here’s a few that I’m using this feature for:

Allow upload-only access to eCommerce stores on customized products, that image or design file is specifically for the vendor, not anyone else and it does not require public display but in the admin panel for specific vendor dealers.
Application website that allow uploading photo ID, which is any case should not allow public access.
Downloaded virtual goods that are meant for paid users like music files, video clips or any publications that are exclusive access, usually behind a login but not necessarily CMS.
Temporary processing files that do not need to be shown to visitors, for example, when converting a PDF to searchable text, a process to convert each page into an image using GhostScript is required before processing the image using Tesseract or any OCR engines. (The images are not required to be displayed to the user and can be deleted right after, yet it’s also important to keep those secure from public access).
File-based databases or large text files that are meant for static lookups, e.g. country and currency data.
Generated backups for admin download, these won’t be accessed via the HTTP web but FTP.

to name but a few, more of these are applicable.

Cheers!

Admin · January 4, 2024, 12:06pm

You can use the Protected Directories feature as an additional security measure. For example, if you are using WordPress, you can use it to password-protect the wp-admin directory. You’ll then need to login with your directory password and your WordPress account, which still needs the relevant permissions.

But should your site every have a security vulnerability that allows people to create their own admin accounts, having the directory protection means they still won’t be able to access critical WordPress settings.

It’s exotic, yes, and shouldn’t be necessary in most situations. But if you want to have maximum security, there is merit to it.

system · January 11, 2024, 12:06pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.