I am about to build authorisation into a Foxweb-based site and I like the idea of using the Auth.authlist property. To prevent the user editing Authenticate.fwx, I am thinking of allowing the user/password list to be kept in a plan text file, which is read into the Auth.authlist property by FILETOSTR(). Where is the best place to store this .txt file? I can easily keep it outside of the web tree, but would it be safe-enough in \programroot\subdir ? Would it be safer on a totally different area (the data is already on a different drive letter)?
The vast majority of pages within the website will require authorised access only. If I run Authenticate.fwx from FW_enter.prg, is this enough to prevent any .fwx script being run if authentication is not successful? Do I have to return to .F. if authorisation is unsuccessful or will script execution be terminated automatically?
Any comments would be appreciated.