On Thu, 08 May 2008 10:43:27 +0100, Iván -DrSlump- Montes <[EMAIL PROTECTED]> wrote:

What about using an .htaccess to deny access on the output directory?

In the ideal case scenario it should be outside the document root of
the web server (not accessible from the internet).

Of course they should be outside of web server root (although they're rather harmless, because the template code is in a function. The compiled template files when executed from outside will not execute template code and will not reveal any data).

I assume the extra protection is needed to protect from other users that have access to the file system or just to harden website against attacks.

regards, Kornel

PHPTAL mailing list

Reply via email to