Hi! > The easiest workaround is to put blank index.html files > in directories whose content should be "hidden". Well a blank index.html just avoids directory browsing - one could still access the files directly > Given the openness of the source code, and wiki content, > this seems like overkill. Correct as long as all your content is viewable in the wiki there is no point of hiding the data files > I think it's sufficient to protect user data by putting > a blank index.html file in the 'conf' directory. Again this protects you from directory browsing only. Maybe we should use the .php extension for all config files? Even if they aren't PHP sourcefiles? This way their contents could be protected by a line like this on top: # <?php exit()?> Anyone wants to supply a patch? Andi -- http://www.splitbrain.org -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist