Apache .htaccess Auth

[ShilohWarrior]

yea i agree, the only thing i liked about htaccess was that it protected the whole directory, not just a script, or i may be mistaken, does php auth protect the directory because ive used php auth in phpMyAdmin index.php before and i worked fine (i think its cuz phpmyadmin uses frames). I dont kno

[Musicman]

Hi,

php auth does NOT protect folders, only scripts (and every script would include the auth code)
If you need to protect non-script files, the first choice would be to deliver them through php. Another option (which is more efficient but requires the cooperation of the hosting service would be scripted rewriting of urls.

Besides browser / server and scripted auth there is also a way to mix both: a php script receives the auth data from browser auth, and can send the "auth required" http code that triggers the auth dialog. This still looks like browser auth but does not protect entire folders. Also, when I tried it I had some difficukties not to remain logged in (or get back in with a particular sequence of "browser back", "refresh" and "cancel auth"  clicks.

@shiloh warrior: there is nothing of particular value in the phpmyadmin folder other than scripts - so it does not make a difference whjether it is protected one way or the other. It makes a difference if a site is offering, e.g. media files for paying members.

About frames: it is well possible (and hard to avoid) with scripted auth, an idle timer, and framesets that just one frame in the frameset wants the visitor to auth again ... and this can look very silly

Musicman.