On Thu, 08 May 2008 10:43:27 +0100, Iván -DrSlump- Montes
<[EMAIL PROTECTED]> wrote:
What about using an .htaccess to deny access on the output directory?
In the ideal case scenario it should be outside the document root of
the web server (not accessible from the internet).
Of course they should be outside of web server root (although they're
rather harmless, because the template code is in a function. The compiled
template files when executed from outside will not execute template code
and will not reveal any data).
I assume the extra protection is needed to protect from other users that
have access to the file system or just to harden website against attacks.
PHPTAL mailing list