Security question

Hmm, it's one of various method's you can use and its as secure as u want it to be..i mean if someone else has access to the directory you place ut .htpasswd file in then they can just read it and get the details, but if you've the encrypted passwd in there that's what they'll see and then will have to crack that to get to the actual password. If you can lock down those who can get access to the .htpasswd file physically then chances of getting the passwd's goes down considerably.

Most people using virtual hosting have no choice but to use it. And it generally does the job. Plus you can also use the .htaccess file to restrict off access to certain ip's etc and do some other funky stuff to get around things that server admins might turn off

But generally .htaccess is a pretty decent way to auth users. Although writing something into your code to auth the users would be somewhat better, chances are you'll be restricted to a flat text file to hold the details, unless you've access to some db, in which cause you might as well just use .htaccess.

/me hopes that make sence..

Ro

You also need to think about the access you have to the server as well.

If its your own server you can do what you will, if not you need to find out how restricted you are. Different isp/hosting companies allow you do different things, so the .htaccess might be all your left with..

And as ecksor says you have to think about what ways people will be inputing the data..

Just think about how sensitive the info is, and if you can lock it down to only allowing certain ip's to auth sucessfully.

Ro