Hi,
On my development server I can access www.xyz.com/protected/runtime/application.log file. I can do this because I have 775 permission on the protected folder. In production I will change this but I am wondering how can you prevented it programmatically just in case?
Thank you,
Misc.
there is .htaccess file preventing access in Apache webserver. Privileges does not matter - php script should be able to read those files, but php is by default run on privileges of same user as webserver.
If you are using another webserver - you should deny acces to protected directory in server configuration or move this folder out of wwwroot and change config file location in your index.php (everything should work fine).