I'm surprised that the Mach-II skeleton framework has the main Mach-II.xml config file in the webroot so that anyone can browse directly to /config/mach-ii.xml and read all your events etc. I just feel uncomfortable with exposing the inners of my application, so I've moved my config file up one level to hide it.
I'm not a security/hacker expert, so was just wondering if anyone can say whether I'm worrying about nothing? On the flip side, when I was learning Mach-ii a few weeks ago, I found it useful to look up other live mach-ii.xml files and see what others are doing. Douglas ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
