FTP security


#1

Hey everyone. I’m still new to web hosting and I would like to know if ftp is separate form the rest of the site? In other words, when I upload files to, for example, cherry.dreamhost.com, I see a list of folders/files and the root/home directory. I do not see it in this format /home/username. I just see the root directory of the domain. My concern is that when I upload the files online, can the public access the files under the full URL such as username.com/ftp folder? Sorry if it is a little confusing. I’m just trying to differentiate between ftp and the actual website storage spaces and what is available for public view. Thanks.


#2

Barring unusual configurations, only the contents of web directories (e.g, “yoursite.example.com”) are publicly accessible online.


#3

I’ll be glad to clear things up! Indeed, you would not see the /home/username format. When you’re connected to your server via cherry.dreamhost.com, you are already inside the /home/username directory. In that user directory lies your site directory, usually named yourdomain.com (for example). Only the files inside that yourdomain.com site directory are accessible to the public from a browser. Anything “outside” that directory, which would just be your user directory, cannot be accessed by anyone in a web browser. If you have files uploaded to the yourdomain.com directory that you do not want to be public, you can hide certain sub-directories using an .htaccess file with Options -Indexes in it. It’s explained in some detail here: http://wiki.dreamhost.com/Modifying_directory_indexes

Cedric H
Dreamhost Staff