I got a kick out of these UF .htaccess file comments:

The resources directory should not be made publicly accessible (i.e., in the public document directory) at all.

But just in case you’re an idiot, this should at least give you protection from exposing passwords and other sensitive info in your .env files.

Thanks for looking out for me!

• Mike