#8 Security: URL's can be guessed and browsed without login

[Anonymous]

This is very serious. Yes you can disable this in Apache,
but sometimes this is not possible, because of non-root
access or other reasons. This works with the
php-verification. http-access-verification gives off cource no
problems.