I would like to be able to open up AFP on the Users folder (it is by default), but here comes my concern. Some of the users will have their sites hosted in their user Sites folders, including some PHP config files, potentially containing mysql login information, etc. Accessing the site through the web is no problem, as Apache w/ PHP will never show content of the PHP code, however AFP will! Why does AFP allow read access to everyone's Sites folder??? How can I preserve AFP, so that users can read/write/manage their OWN site, but not be able to see/read someone else's?