On a website I have moved some secure data from under the document root...
e.g. <our partition on apache webserver>\www\<some directory>
to a more secure position that is NOT under the document root..
e.g. <our partition on apache webserver>\secure\<some directory>
..the idea being to stop canny users who might know/guess the path from being able to browse to the data
I'm presuming this won't work for precisely the right reasons, i.e. we are trying to access the secure data via a webrowser, using HTTP, and since its not under the document root any more, we can't get to it.
Is this right?