Hi
In the default package there should be .htaccess files to prevent
reading of .inc files. By default most Apache installations will allow
reading of .inc files posing a security risk, so each directory
containing these should have an htaccess file such as
Order allow,deny
Deny from all
in the 'program' directory to prevent people from gaining access to
database passwords in the configuration.
--
Colin Alston
karnaugh@karnaugh.za.net
http://www.karnaugh.za.net/
"There have been hacker forums where, out of some misguided sense of
hyper-courtesy, participants are banned from posting any fault-finding
with another's posts, and told ''Don't say anything if you're
unwilling to help the user.'' The resulting departure of clueful
participants to elsewhere causes them to descend into meaningless
babble and become useless as technical forums." - Eric Steven Raymond