I notice that the file login.php contains the following data un-encrytped:
mysql: password
login page: password
Wouldn't it be safer to encrypt this data and store only the encrypted data. Other php software such as postnuke does this.
What changes can be made to .htaccess to gurantee than no one ever reads login.php as normal text?