I apologize for the title. It's partially correct hehe.
I have Slackware 13.0 and I am running apache+php+postgresql server on it. I have this security issue. I have the user enter a username and password to enter the database. However, there's one hardcore vulnerability.
For example, say my website is www.example.com
. It's a database of toys. They go there to enter the username and password and a query by name, brand, etc, or a show all option, and the submit button which leads them to the results of the database query. However, if the user inputs 'www.example.com/toys' then it would take the user to that directory and show all the contents. I want to disable that.
So I tried chmod 700 toys dir. Which takes care of the problem, but then all the files within the toys dir are not visible to the users. The directory toys was 700 while all the files within it were 755. How come the users aren't able to view the files which are 755? How can I resolve this issue?
I know I could rename the toys directory to a random phrase of numbers and characters but if I don't have to I would rather not.