A lot depends on your server. Some servers will allow any non-executable files to be displayed if they're in the cgi-bin. If yours does, this could be a problem.
I just checked it and you will have a problem. But, as with almost every problem, there is a solution!
First, you're going to want to prevent anyone from being able to get a list of the files in your directory. All you have to do is to create a little index.html page and add it to the directory. It can say anything you want and doesn't have to be extensive at all. All you need is an html file that will display when someone tries to access the directory. You could even just copy the index.html file that's in the auth directory, if you wanted to.
Second, you're going to have to use some "obfuscation." (I like that word!) The following came from BigGeorge here on the forum.
Rename your default.cfg file to something else. You can leave the "default" part, but change the "cfg" to something only you would know -- it doesn't have to be only 3 letters and it can be any letters you want. (Probably could be numbers, too, but I'm not sure.) For the purpose of illustration, I'll use "abc" as an example.
Then open your db.cgi file and look for
require "$db_setup.cfg"; # Database Definition File
change that to
require "$db_setup.abc"; # Database Definition File
Rename your .pass file to something other than "default.pass." You can get as obscure as you want here. I once named a password file "old.stuff" for someone.
Then go into your default.cfg file (which is now named "default.abc") and change
$auth_pw_file = $db_script_path . "/default.pass";
to reflect the change in your password file. If you were using the example I gave above, you would have
$auth_pw_file = $db_script_path . "/old.stuff";
You can do something similar for the default.db file, if you don't want anyone to be able to access it directly.
Be sure to change the files on both your server and on your home computer, in case you do some editing later on. You might forget to change the file names and you'd have problems.
I don't know enough about .htaccess to be able to give you any advice about using it. But I think this is probably going to work for you.
------------------
JPD
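
A consistency check for the renaming steps described in the post above, as an added example that is not part of the original post or of the script's own code. It assumes `$db_setup` resolves to `default`, as the file names in the post suggest; `audit`, `build_sample` and the sample directories are constructed for illustration.

```python
import os
import re
import tempfile

# Stock file names from the post; anyone can guess and request these.
GUESSABLE = {"default.cfg", "default.pass", "default.db"}

def audit(script_dir, db_name="default"):
    """Return a list of problems in a script directory set up as in the post."""
    files = set(os.listdir(script_dir))
    problems = []
    if "index.html" not in files:
        problems.append("no index.html: directory listing may be exposed")
    for name in sorted(files & GUESSABLE):
        problems.append(f"guessable file name still present: {name}")
    if "db.cgi" not in files:
        return problems + ["db.cgi not found"]
    # db.cgi must load the renamed setup file: require "$db_setup.<ext>";
    with open(os.path.join(script_dir, "db.cgi")) as fh:
        m = re.search(r'require\s+"\$db_setup\.(\w+)"', fh.read())
    cfg_name = f"{db_name}.{m.group(1)}" if m else None
    if cfg_name not in files:
        return problems + [f"db.cgi requires a missing setup file: {cfg_name}"]
    # The setup file must point $auth_pw_file at a file that really exists.
    with open(os.path.join(script_dir, cfg_name)) as fh:
        m = re.search(r'\$auth_pw_file\s*=\s*\$db_script_path\s*\.\s*"/([^"]+)"',
                      fh.read())
    if not m or m.group(1) not in files:
        problems.append(f"$auth_pw_file target missing: {m.group(1) if m else None}")
    return problems

def build_sample(root, cfg_ext, pw_name, with_index):
    """Write a constructed script directory (sample data, not a real site)."""
    def put(name, text=""):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)
    put("db.cgi", f'require "$db_setup.{cfg_ext}"; # Database Definition File\n')
    put(f"default.{cfg_ext}", f'$auth_pw_file = $db_script_path . "/{pw_name}";\n')
    put(pw_name)
    if with_index:
        put("index.html", "<html></html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # stock layout: three findings
        print(audit(build_sample(d, "cfg", "default.pass", False)))
    with tempfile.TemporaryDirectory() as d:   # renamed as in the post: clean
        print(audit(build_sample(d, "abc", "old.stuff", True)))
```

Run it against a local copy of the script directory after renaming; an empty list means the `require` line, the setup file and the password file all agree and no stock names remain.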