[development] let's cleanup /misc

James Walker walkah at walkah.net
Thu Jan 5 17:50:48 UTC 2006

On 1/5/06 12:41 PM, Karoly Negyesi wrote:
>> 1. Improve the security of a Drupal install by keeping all files
>> private, except for an index.php, no module or include files should be
>> accessible from a web browser
> This will not increase security. If .htaccess can not protect you, why 
> would this? And how would we ship the tarball...? Untar this half below 
> documentroot and index.php to documentroot...? /me shakes head

well, users of non-apache (say, IIS, e.g.) servers or those who aren't 
permitted .htaccess overrides by their hosting providers are a bit 
screwed relying on .htaccess ...

James Walker :: http://walkah.net/ :: xmpp:walkah at walkah.net

More information about the development mailing list