View Full Version : blocking directories, please help!


Shy
11-29-01, 07:24 AM
Okay, so on my site I have directories that I don't want anyone to access.

Let's say one such directory is located at www.somesite.com/x/

Now, usually, someone who goes to somesite.com will see index.html, and have no idea about directories. Maybe they'll guess that I have a directory /x and try to access it. In this event, I have an index.html that just points them back to my main page.

So at this point, joe user has no way to access these pages. But I've read about search engines, and how you should use a robots.txt to keep them away from certain information. So, recently, I've come to realize that anyone can get directory/file listings on your site (how, I'm not sure, but the concept makes enough sense to me since there are far more ways to access sites than web browsers).

So, should I hide these directories somehow? Encode their information?

I've also been hearing a lot about MySQL lately. Maybe I should put the information in a database that only I can access?

-Shy

Bud
11-29-01, 01:50 PM
MySQL would be a good choice, or you could just put the folder in your cgi-bin directory :)

~bud

Steve Bird
11-30-01, 03:56 AM
Here's what I do, in the same situation: (quoted from another post)

My site requires security - I can't allow one customer (or the public) to see another customer's proposals, billing statements, software, etc.
I do it with secret directories:
If the project number is AB01CD01, I create a directory called AB01CD01X75ggT413xx13 or something (random characters), and put that customer's files in there.
Then I give that URL to the customer. There are no links to it from the public side. The client can bookmark it, if desired.
It's not without risks (if a client prints a document, the URL likely appears on the page), but I warn them about that.

--- I've been doing this for over a year and have had NO hits on the project folders that I can't trace to the clients.
If there are no links from the public side, then robots will not find them.
But don't give FTP access to your root folder.
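
An added example, not part of the original thread: one way to run the check Steve Bird describes (tracing every hit on a project folder back to the client) and to confirm that a secret directory name has not been listed in robots.txt, which anyone can fetch. The function names, log lines, IP addresses and client-IP table are constructed for illustration, and the access log is assumed to be in Common Log Format.

```python
import re
import secrets

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

def make_secret_dir(project_id, nbytes=16):
    """Append a CSPRNG suffix (128 bits by default) to the project number."""
    return f"{project_id}{secrets.token_hex(nbytes)}"

def untraced_hits(log_lines, client_ips_by_dir):
    """Return (ip, path, status) for requests under a secret directory
    that come from an address not recorded for that directory's client."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        # First path segment, ignoring any query string.
        first_segment = path.split("?", 1)[0].lstrip("/").split("/", 1)[0]
        known = client_ips_by_dir.get(first_segment)
        if known is not None and ip not in known:
            findings.append((ip, path, status))
    return findings

def robots_leaks(robots_txt, secret_dirs):
    """Secret directory names that appear in the world-readable robots.txt."""
    return sorted(d for d in secret_dirs if d in robots_txt)

# Constructed sample data: documentation-range IPs; directory name from the post.
SECRET = "AB01CD01X75ggT413xx13"
CLIENTS = {SECRET: {"203.0.113.10"}}
SAMPLE_LOG = [
    '203.0.113.10 - - [29/Nov/2001:07:24:00 +0000] "GET /AB01CD01X75ggT413xx13/proposal.pdf HTTP/1.0" 200 5120',
    '198.51.100.7 - - [29/Nov/2001:09:02:11 +0000] "GET /AB01CD01X75ggT413xx13/ HTTP/1.0" 200 812',
    '198.51.100.7 - - [29/Nov/2001:09:02:15 +0000] "GET /index.html HTTP/1.0" 200 2048',
]
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /AB01CD01X75ggT413xx13/\n"

if __name__ == "__main__":
    print(make_secret_dir("AB01CD01"))
    print(untraced_hits(SAMPLE_LOG, CLIENTS))
    print(robots_leaks(SAMPLE_ROBOTS, [SECRET]))
```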