I've been asked to quickly set up a password protected page on a client's server and I don't have access to a database on this occasion. There is only one username/password combination and this will be used by multiple persons. Not ideal. Anyway, I'm just thinking about storing the username and SHA1 encrypted password in a separate php file from the login script then doing my usual authentication. Is there a more secure way to store the user/password info or does this seem reasonable?
Thanks for the reply. The server is configured correctly and file permissions set securely, so i'll just go ahead with that approach. Good point about moving the username/password info into the login file - not sure why i thought it would be more secure stored elsewhere (thought of possibly storing it in a file outside of webroot), just illogical paranoia!