Y
Hacker News
new
|
ask
|
show
|
jobs
by
leftnode
5181 days ago
I think you have to assume worst case: if they have access to your database, they have access to your web root. It might not be the case, but you should assume that.