Hi. Consider the following scenario.
In directory PRODIR ( short for protected directory ), I have certain files which contain sensitive information ( say, database passwords, embedded in some PHP scripts ). Let's consider "passwords.inc" The PRODIR is protected with the .htaccess file, so no one can _directly_ access those files through the web-server. Files: $PRODIR/.ht* $PRODIR/passwords.inc I don't want the passwords to be seen by other users on the same system as well. So, the file permissions are such that others can't see those files ( owner=user, group=group-of-apache-process and perms = 750 ) Now - bash$ cat $UNPRODIR/crack.php <? include( $PRODIR/passwords.inc ); ?> Obviously, PHP ( or anything else ) won't respect the rules set for Apache. Is there a way in which such add-ons ( like PHP ) can call Apache back for such authorization services? Of course, there can be work-arounds like making the user supply extra information ( login/password ) through the browser and then using cookies, but is there any other way? regards, jaju