Programmers and/or administrators often use common descriptive filenames and directory structures that could allow an attacker to get valuable information and knowledge about targeted system.
Using "/database/" directory (URI) could allow an attacker easier penetration of your databases.
- Do not use easily guessable filenames and directories.
- Do not make your directory/application hierarchy obviously designed.
- Configure file permissions carefully.