2007/7/22, Thomas Anderson <andersonthomas(a)gmail.com>om>:
I added a .htaccess file too, just in case. The reason
I didn't want to
use a .htaccess solution in the first place was because the password I
intended to use was quite short and it seems as if apache does not "take
a timeout" after a few failed attempts. That would make it possible to
bruteforce my password quite quickly since I can download at 1 MiBps.
I increased the password length to > 20 chars as a workaround.
You don't need a password at all; you can just use the .htaccess file
to restrict connections based on IP addresses. Something like
Order allow,deny
Allow from 127.0.0.1
should probably work (although I should note I have little experience
with Apache).
--
schnee