Have you guys given any thought to being able to place folders with code in them (modules,adodb, etc.) outside of the web root. I can't think of anything super dangerous about it at the moment, but it always gives me a funny feeling to have readable code sitting in the web root.
Posts: 32509
1. As long as this code doesn't do anything if accessed directly, there's no reason to have a funny feeling (there are no scripts in G2, just main.php is a script, the rest are files that have classes or functions)
2. There are plans, or maybe just ideas, to have a second modules folder in the g2data folder (which can be outside the web root), to install things directly from the internet.
Posts: 7994
Remember also that all of this code is freely available on the web, like here. Anybody who wants to see it can see it. If you plan on making a lot of changes to the code, I can understand your wanting to keep it inaccessible. In that case, you can create a .htaccess filter to deny access to any file that ends in .inc or .class and you'll probably be secure.