**It is extremely important that the
config.neon and the entire directory
log & etc is not accessible from a web browser. If these directories will not be protect against direct access
from the Internet, anyone will be able to see your passwords and other sensitive information.
How to determine whether file is protected? Simply try to open it in the browser. If your site is located at
config.neon is placed in the directory
app/config, try to open the
http://example.com/app/config/config.neon. The browser should show page not found error. If it shows the contents
of the configuration file, there is a serious security hole and you need to fix it.
To protect critical files from being accessed from the web is your responsibility. How to do it?
The text file
.htaccess is used to modify some configuration options of web server. For example, restricting
access to certain files or directories. It works on Apache servers.
Make sure that there is a file
.htaccess in directories
log & etc with the
Order Allow,Deny Deny from all
Some hosts provide the ability to restrict access to the directories in its web interface. Disable access to the whole
log & etc.
If your web application uses a directory structure, where directories
log & etc are not
available from a web browser, there is no need to set anything else.