Using per-directory access control files to control access to directories is so convenient, why should I use access.conf?
Instead of placing directory access restrictions directives in centralized configuration files, most servers give you the ability to control access by putting a “hidden” file in the directory you want to restrict access to (this file is called “.htaccess” in NCSA-derived servers and “.www_acl” in the CERN server). It is very convenient to use these files since you can adjust the restrictions on a directory without having to edit the central access control file. There are several problems with relying on .htaccess files too heavily. One is that with access control files scattered all over the document hierarchy, there is no central place where the access policy for the site is clearly set out. Another problem is that it is easy for these files to get modified or overwritten inadvertently, opening up a section of the document tree to the public.
