By smitty on
In the .htaccess-file in the root of Drupal there are some files and directories protected from prying eyes:
<FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>
Question 1: Why are the endings txt, tmp, ini, pot not also protected? Is it expected to delete all pot and txt files on the life-server, so that it is not necessary to protect them?
Question 2: Wouldn’t it be better to deny access to all files and only to allow access to specific files such as css, js, png, gig, jpg, ... ?
