域路径是隐藏的吗?

If I place a folder in my root directory and give it a name that is not easily guessable, is it effectively hidden?

www.my_domain.com/some_path

were

some_path equals something like "1Ki9u"

I want to use this as sort of a quick way to login. Inside the folder 1Ki9u would be some php to login me in to my web-application.

What you're trying to do is security through obscurity.

With proper server configuration, it can be hidden pretty efficiently. However, I don't think this is a good idea:

  • IP address blocking => reliable in most cases, although it can be spoofed quite easily.
  • Browser history. Whoever sits on the same PC as you can find your hidden URL. Or if you need to access the hidden data from a friends / colleagues PC ?
  • If long enough, it can't really be brute forced, especially since few people will search for weird URLs on a random site.
  • Keyloggers/trojans/viruses aren't uncommon. Granted that this is a security risk for regular logins as well, but a login script probably is a bit more secure.
  • User friendliness. I don't actually see the difference in how easy it is to remember a 10+ character folder name, or a password (I will presume you will use an email address for login, that you can't really forget). Also, in case you forget the folder name, there's no easy way to recover it (well, FTP login, but that would defeat the purpose). With a login form you can use reset password.

Overall, if you are careful enough, it's highly unlikely that your hidden URL will be discovered, but from my point of view there is no real advantage of doing so. Plus, you will not be as secure as you would be with a regular login script.

If you really want to do this, only do it if you don't have very sensitive information. I mean, if someone gets a hold of a personal project you've been working on, it may not be a tragedy, but getting hold of a text file of all the FTP / cPanel passwords you have may hurt quite badly.

This is not security. This is no different than changing a password from password to password1. All it takes is brute force to find your URL (there's several programs that can brute-scan a server for 404 errors for this exact reason).

Use real security with a real secure login.

If you're incredibly lazy, use something as simple as a long .htpasswd usename and password.

This is called "Security through obscurity." The short answer is NO. This is not even remotely secure.

When you never link to it and keep your bookmarks and history private, there would be nobody knowing it exists. The longer the name of the directory, the smaller the chance someone to guess (or brute-force) the URL.

Though it's not safe at all to log in using just an URL. Even with a login form you're not completely safe since it's not protected against brute-force (though, a non-dictionary password of more than 12 characters is quite safe).

If you want to be really secure, use a two-factor authorisation where you email a login code to a specified email address when the entered password is correct. Then use that code to login. (example)