Hack to prevent project files (passwords, etc.) from being served by some Apache (RFE)
|Reported by:||JonathanHayward||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
For http://docs.djangoproject.com/en/dev/intro/tutorial01/#creating-a-project , users are strongly advised to store project files outside the directories served up by a server.
I'm not sure whether this should be advised in the documentation, but for Apache, if AllowOverride is enabled as it often is, a .htaccess file that contains a syntax error will cause an error page to be displayed on attempted access. If such a .htaccess file is included, there is an extra layer of protection. (This could be advised in the documentation or include in startproject).