I have a website consisting of php files and database access. I have protected access to rescticted pages using a php-loginscript and access to the database is password protected.
Is it possible in any way to list the files on that server and get access to the sourcecode (.php files) on the webserver without
knowing my webserver user login details ? Anything more that I need to do to prevent that?