[BNM] .htaccess overhead?

[Pete Dowdell]

Ali wrote:
> After writing an email pointing out the excessiveness of charging for use of .htaccess the host has conceded and agreed to allow me to place the files on the server free of charge, however as I have no access to the level above the web root I was wondering if anyone had any thoughts on where best to place the .htpasswd file and any info on the dangers of placing it within the web root, should I place it within the protected resource?
>   

My tuppence would be:

make a suitable obscure subpath to .htpasswd and place it there (so its 
location can't be easily guessed) (1p). 
Then protect the folder, or the file itself, or ALL files starting "." 
(probably a good idea) by editing the .htaccess file (1p).
=2p

Pete