Hi,

I'm wondering what the security implications are of using a form to post the username and password to .htaccess. Something like: http://loginname:password@www.domain.com/password_protected_dir/

> Browsers history files, referer information and so...

----
I want to avoid the pop-up-box, so I want to check the username and password with a script, then post the username and password to a htaccess protected dir. Just because then I'm able to use $ENV{'REMOTE_USER'} to offer custom pages to logged in users. Sound smart or stupid?

The popup box is a feature of the server software, .htaccess and how some browsers handle "authentication required" headers.

You could set up your own username/password system that didn't use popups, but it couldn't be done via .htaccess

The sites listed at http://www.hotscripts.com/...User_Authentication/ will explain this subject in more detail.

You're responding to my question ?!

If you put the username and password into the url this data will be visible in the temporary internet files folder.

I just tested it out and it doesn't show up in my access_log, I just get the real URL.

Er... yes. Why? Wasn't that what you wanted?