I do not currently use aMember. From the online doc, I gather that all of the protection methods, strangely, require an .htaccess file in every protected folder. I have always used the more secure technique of putting the necessary directives into xxx.conf apache configuration files, in a folder that is accessible only to a particular user group, completely separate from the protected content. I don't see the point of requiring these files to be distributed all over the place and stored together with the protected content. I presume this design choice also (unnecessarily) complicates the scripting that manages the files. Wouldn't it be simpler from a scripting standpoint to have all of these files centralized in one folder? Before making a purchase decision, how difficult will it be for me to customize the script(s) to use centralized, as opposed to distributed, .htaccess logic? The only justification I can see for using .htaccess files mixed with the content is if you are not the system administrator, and are limited to a subdirectory tree.
Just a note - it's a lot easier to create and edit .htaccess files in folders that need to be protected via the aMember interface than it is to edit the .conf apache configuration files from the same interface (not even sure that's possible easily). Is there any reason why you don't "trust" the .htaccess protection?
Please excuse my extremely tardy reply. Please read this: http://wiki.apache.org/httpd/Htaccess I do not allow .htaccess on my system. What I always do is place a wildcard Include statement in httpd.conf that looks like so: Include some_protected_folder/*.conf (Someone who doesn't have access to httpd.conf can usually arrange to have an Include statement of that kind inserted.) In the case of amember, the logical Include is a subfolder of the protected folder that contains amember. If I purchase amember, how difficult would it be for me to change the script(s) involved so that they update .conf files in such a folder? (Each .conf file would look just like the .htaccess files your script currently require.) Or, what about a feature that makes this an option?
Sure such modification can be done. Also you can do this manually without a problem. Just protect folder then copy rules generated by aMember into your httpd.conf