I've been examining the code in a CGI based discussion board system and have found that several internal directories that store posted messages, user data, etc. have .htaccess files in them that contain this simple text and nothing more:<br /><br /><b>deny all</b><br /><br />Obviously the scripts associated with this discussion board can still access the contents of those directories, but does <b>deny all</b> make them essentially "bullet-proof" against all outside access?<!--content-->
Although nothing is bullet-proof, deny all should block all http attempts from gaining entry to that directory.<!--content-->
Although nothing is bullet-proof, deny all should block all http attempts from gaining entry to that directory.<!--content-->