I’ve used htaccess to password protect directories in the past. Now I’m looking into using PHP/MySQL.
There are plenty of examples of the PHP out there. I don’t expect much trouble on that front. But all of these examples seem to focus entirely on the PHP code (and to a lesser extent) the MySQL database.
No one seems to say what settings (in htaccess ??) need to be set on the server to keep it from dishing out files directly linked in that protected directory. I mean, it’s all well in good to have PHP authenticate… but if something isn’t telling the server to enforce PHP authentication, then it’s trivial to get around.
Anyone have an example of what settings are necessary in .htacces (or wherever) that are necessary to require PHP/MySQL authentication?
Thanks