Tags

, ,

While designing the Electron Configuration Tool, we researched several chemistry sites. Unfortunately many of these have directory browsing/listing enabled, effectively leaving files, technology, and even student resources wide open for the public to see. This is not unique to chemistry sites. On the contrary, it appears to be systemic across university sites and sites across the Web. Actually, we have exposed this before, many times.

For instance, in 4s & 3d, 3d & 4s, Cu & Cr, sloppy aufbau & Eric Scerri! Adrian Dingles shows the PES plot for Sc, obtained from

http://www.chem.arizona.edu/chemt/Flash/photoelectron.html

If you paste in your browser the short version of that url, like this

http://www.chem.arizona.edu/chemt/Flash/

or like this

http://www.chem.arizona.edu/chemt/

the entire content of those directories can be accessed and grabbed by any one. If a directory lists equally browsable subdirectories, then the problem is compounded.

From time to time, one can do a similar exercise across university sites and find entire school resources and student records wide open and accessible, only because directory browsing/listing was not blocked at the server or directory levels. Why expose sensitive information to the public? How smart is that?

Advertisements