Is plain text in index.html secure? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election Results Why I closed the “Why is Kali so hard” questionUse wpa_supplicant without plain text passwordsHow to guarantee the integrity of an OS?Which linux distro's package repositories are secure and which are not?execute file in server more safely?Why does SSH have unsecure defaults?Why are custom programs always installed in /opt, /srv, /usr/local, etc. and not in ~/ (home) folder?Why thepiratebay.se showing the content of /var/www/index.html?How can I set up a secure LAMP stack on CentOS?Limiting Scope of File Writing by PHP ScriptWhat do I need to create backups as reliable and secured archives?

Why aren't air breathing engines used as small first stages

Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?

What would be the ideal power source for a cybernetic eye?

Why are there no cargo aircraft with "flying wing" design?

If 'B is more likely given A', then 'A is more likely given B'

Is there a concise way to say "all of the X, one of each"?

Antler Helmet: Can it work?

Stars Make Stars

Is above average number of years spent on PhD considered a red flag in future academia or industry positions?

"Seemed to had" is it correct?

Bonus calculation: Am I making a mountain out of a molehill?

Letter Boxed validator

Is the Standard Deduction better than Itemized when both are the same amount?

What is the correct way to use the pinch test for dehydration?

I am not a queen, who am I?

Diagram with tikz

do i need a schengen visa for a direct flight to amsterdam?

What does '1 unit of lemon juice' mean in a grandma's drink recipe?

How much radiation do nuclear physics experiments expose researchers to nowadays?

How can I make names more distinctive without making them longer?

Do you forfeit tax refunds/credits if you aren't required to and don't file by April 15?

Proof involving the spectral radius and the Jordan canonical form

List *all* the tuples!

What do you call a plan that's an alternative plan in case your initial plan fails?



Is plain text in index.html secure?



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election Results
Why I closed the “Why is Kali so hard” questionUse wpa_supplicant without plain text passwordsHow to guarantee the integrity of an OS?Which linux distro's package repositories are secure and which are not?execute file in server more safely?Why does SSH have unsecure defaults?Why are custom programs always installed in /opt, /srv, /usr/local, etc. and not in ~/ (home) folder?Why thepiratebay.se showing the content of /var/www/index.html?How can I set up a secure LAMP stack on CentOS?Limiting Scope of File Writing by PHP ScriptWhat do I need to create backups as reliable and secured archives?



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















So I would like to know if anybody can access my LAMP if I just write some plaintext in the index.html file, so that when somebody accesses my_ip:port they will be greeted to the text in that file.



I know everybody can read what's in that plaintext file, that's not my security concern.



My concern is whether or not somebody can run any scripts to affect my server or do anything because of it.



The reason I'm doing this is because I want an encrypted message to be visible on my lamp server, so that I can do some other stuff from there.






bash security apache-httpd







share|improve this question

















  • 2





    I'd be more concerned about the M and the P parts of your LAMP stack, although Apache had a vulnerability recently, too.

    – Jeff Schaller
    Apr 11 at 22:35

















0















So I would like to know if anybody can access my LAMP if I just write some plaintext in the index.html file, so that when somebody accesses my_ip:port they will be greeted to the text in that file.



I know everybody can read what's in that plaintext file, that's not my security concern.



My concern is whether or not somebody can run any scripts to affect my server or do anything because of it.



The reason I'm doing this is because I want an encrypted message to be visible on my lamp server, so that I can do some other stuff from there.






bash security apache-httpd







share|improve this question

















  • 2





    I'd be more concerned about the M and the P parts of your LAMP stack, although Apache had a vulnerability recently, too.

    – Jeff Schaller
    Apr 11 at 22:35













0












0








0








So I would like to know if anybody can access my LAMP if I just write some plaintext in the index.html file, so that when somebody accesses my_ip:port they will be greeted to the text in that file.



I know everybody can read what's in that plaintext file, that's not my security concern.



My concern is whether or not somebody can run any scripts to affect my server or do anything because of it.



The reason I'm doing this is because I want an encrypted message to be visible on my lamp server, so that I can do some other stuff from there.






bash security apache-httpd







share|improve this question














So I would like to know if anybody can access my LAMP if I just write some plaintext in the index.html file, so that when somebody accesses my_ip:port they will be greeted to the text in that file.



I know everybody can read what's in that plaintext file, that's not my security concern.



My concern is whether or not somebody can run any scripts to affect my server or do anything because of it.



The reason I'm doing this is because I want an encrypted message to be visible on my lamp server, so that I can do some other stuff from there.






bash security apache-httpd




bash security apache-httpd






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Apr 11 at 21:13









user323587user323587

592




592







  • 2





    I'd be more concerned about the M and the P parts of your LAMP stack, although Apache had a vulnerability recently, too.

    – Jeff Schaller
    Apr 11 at 22:35












  • 2





    I'd be more concerned about the M and the P parts of your LAMP stack, although Apache had a vulnerability recently, too.

    – Jeff Schaller
    Apr 11 at 22:35







2




2





I'd be more concerned about the M and the P parts of your LAMP stack, although Apache had a vulnerability recently, too.

– Jeff Schaller
Apr 11 at 22:35





I'd be more concerned about the M and the P parts of your LAMP stack, although Apache had a vulnerability recently, too.

– Jeff Schaller
Apr 11 at 22:35










1 Answer
1






active

oldest

votes


















0














Putting plain text into the file is no less (or more) secure than putting HTML there. As far as the server is concerned, HTML is plain text: what gets sent over the wire is exactly the <html>...</html> bits written in the file.



There may be other security issues in play for your scenario, but this isn't one of them.



I would, however, encourage adapting your web server configuration so that the file is served as text/plain instead of text/html for technical correctness, though the practical differences are pretty minimal (browsers will probably render it in fixed-width instead of variable).






share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f511998%2fis-plain-text-in-index-html-secure%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Putting plain text into the file is no less (or more) secure than putting HTML there. As far as the server is concerned, HTML is plain text: what gets sent over the wire is exactly the <html>...</html> bits written in the file.



    There may be other security issues in play for your scenario, but this isn't one of them.



    I would, however, encourage adapting your web server configuration so that the file is served as text/plain instead of text/html for technical correctness, though the practical differences are pretty minimal (browsers will probably render it in fixed-width instead of variable).






    share|improve this answer



























      0














      Putting plain text into the file is no less (or more) secure than putting HTML there. As far as the server is concerned, HTML is plain text: what gets sent over the wire is exactly the <html>...</html> bits written in the file.



      There may be other security issues in play for your scenario, but this isn't one of them.



      I would, however, encourage adapting your web server configuration so that the file is served as text/plain instead of text/html for technical correctness, though the practical differences are pretty minimal (browsers will probably render it in fixed-width instead of variable).






      share|improve this answer

























        0












        0








        0







        Putting plain text into the file is no less (or more) secure than putting HTML there. As far as the server is concerned, HTML is plain text: what gets sent over the wire is exactly the <html>...</html> bits written in the file.



        There may be other security issues in play for your scenario, but this isn't one of them.



        I would, however, encourage adapting your web server configuration so that the file is served as text/plain instead of text/html for technical correctness, though the practical differences are pretty minimal (browsers will probably render it in fixed-width instead of variable).






        share|improve this answer













        Putting plain text into the file is no less (or more) secure than putting HTML there. As far as the server is concerned, HTML is plain text: what gets sent over the wire is exactly the <html>...</html> bits written in the file.



        There may be other security issues in play for your scenario, but this isn't one of them.



        I would, however, encourage adapting your web server configuration so that the file is served as text/plain instead of text/html for technical correctness, though the practical differences are pretty minimal (browsers will probably render it in fixed-width instead of variable).







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Apr 11 at 23:02









        Michael HomerMichael Homer

        51k8141178




        51k8141178



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f511998%2fis-plain-text-in-index-html-secure%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            getting Checkpoint VPN SSL Network Extender working in the command lineHow to connect to CheckPoint VPN on Ubuntu 18.04LTS?Will the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayVPN SSL Network Extender in FirefoxLinux Checkpoint SNX tool configuration issuesCheck Point - Connect under Linux - snx + OTPSNX VPN Ububuntu 18.XXUsing Checkpoint VPN SSL Network Extender CLI with certificateVPN with network manager (nm-applet) is not workingWill the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayImport VPN config files to NetworkManager from command lineTrouble connecting to VPN using network-manager, while command line worksStart a VPN connection with PPTP protocol on command linestarting a docker service daemon breaks the vpn networkCan't connect to vpn with Network-managerVPN SSL Network Extender in FirefoxUsing Checkpoint VPN SSL Network Extender CLI with certificate

            Image
            If human space travel is limited by the G force vulnerability, is there a way to counter G forces? Did Shadowfax go to Valinor? Do I have a twin with permutated remainders? Blender 2.8 I can't see vertices, edges or faces in edit mode 1960's book about a plague that kills all white people How can I make my BBEG immortal short of making them a Lich or Vampire? Alternative to sending password over mail? Is it inappropriate for a student to attend their mentor's dissertation defense? Why is Collection not simply treated as Collection<?> Took a trip to a parallel universe, need help deciphering Assassin's bullet with mercury Why is it a bad idea to hire a hitman to eliminate most corrupt politicians? I Accidentally Deleted a Stock Terminal Theme Is there a hemisphere-neutral way of specifying a season? What about the virus in 12 Monkeys? Why can't we play rap on piano? Arrow those variables! Today is the Center Modeling an IP Ad
            Read more

            Cannot Extend partition with GParted The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election ResultsCan't increase partition size with GParted?GParted doesn't recognize the unallocated space after my current partitionWhat is the best way to add unallocated space located before to Ubuntu 12.04 partition with GParted live?I can't figure out how to extend my Arch home partition into free spaceGparted Linux Mint 18.1 issueTrying to extend but swap partition is showing as Unknown in Gparted, shows proper from fdiskRearrange partitions in gparted to extend a partitionUnable to extend partition even though unallocated space is next to it using GPartedAllocate free space to root partitiongparted: how to merge unallocated space with a partition

            Image
            Make it rain characters Keeping a retro style to sci-fi spaceships? How to split my screen on my Macbook Air? How can I define good in a religion that claims no moral authority? does high air pressure throw off wheel balance? Scientific Reports - Significant Figures Relations between two reciprocal partial derivatives? How to delete random line from file using Unix command? How did passengers keep warm on sail ships? How are presidential pardons supposed to be used? Are my PIs rude or am I just being too sensitive? He got a vote 80% that of Emmanuel Macron’s Change bounding box of math glyphs in LuaTeX Match Roman Numerals Was credit for the black hole image misattributed? How to pronounce 1ターン? how can a perfect fourth interval be considered either consonant or dissonant? Working through the single responsibility principle (SRP) in Python when calls are expensive High Q peak in frequency response means what in time domain? Would an alien lifeform
            Read more

            NetworkManager fails with “Could not find source connection”Trouble connecting to VPN using network-manager, while command line worksHow can I be notified about state changes to a VPN adapterBacktrack 5 R3 - Refuses to connect to VPNFeed all traffic through OpenVPN for a specific network namespace onlyRun daemon on startup in Debian once openvpn connection establishedpfsense tcp connection between openvpn and lan is brokenInternet connection problem with web browsers onlyWhy does NetworkManager explicitly support tun/tap devices?Browser issues with VPNTwo IP addresses assigned to the same network card - OpenVPN issues?Cannot connect to WiFi with nmcli, although secrets are provided

            Image
            What typically incentivizes a professor to change jobs to a lower ranking university? Reorder a Master List Based on a Reordered Subset How does one intimidate enemies without having the capacity for violence? Is it possible to do 50 km distance without any previous training? Java Casting: Java 11 throws LambdaConversionException while 1.8 does not How much RAM could one put in a typical 80386 setup? Is it legal for company to use my work email to pretend I still work there? Are astronomers waiting to see something in an image from a gravitational lens that they've already seen in an adjacent image? How is it possible to have an ability score that is less than 3? Why does Kotter return in Welcome Back Kotter? Can I ask the recruiters in my resume to put the reason why I am rejected? Why is consensus so controversial in Britain? Which country benefited the most from UN Security Council vetoes? Do infinite dimensional systems make sense? What's the poi
            Read more