Peter Okma <pokma at stevens.edu> wrote: > Does that mean we do not need to restrict access to files in > lower directories. No, you still must prevent somebody from retrieving files from outside of the given document root. -Jan