During development: .htaccess passwords of php form of what?

My host tech support just said:

The .htpasswd system uses a very old security technique that has a number of problems (7 character password limit, some characters not properly recognized, conflicts with certain mod_rewrite rules and conditions, etc.). It is highly recommended that you avoid using the htpasswd system if at all possible.

This got me thinking: during the development phase of a site, I always simply smack a .htaccess password on it until I want it to be publicly accessible. I've done that for years without ever asking what other people do.

Naturally, a stronger and safer alternative is to have an almost blank index.php page with only a form to submit the developer's password, which would then reload the site under development without that form.


Are there other options?
What does everyone here do?
Is my host right in his vociferous warnings against using .htaccess for this purpose?


Curious to here what you all do.

Not sure where your hosting provider got their information but it isn't valid. Using .htaccess is probably one of the more secure methods available and a very good choice for protecting things from prying eyes during development.

Hmmm.

Well, I guess hostgator loses some point here then.
(They deserve to be named, given your feedback!) :D

I generally do a
Order deny,allow
deny from all
allow from 123.my.personal.ip
But, using htpasswd shouldn't be a problem, either.

Thank you, mister 'you killed my father, prepare to die'.
(In case someone flags this post for abuse(!), I'm merely commenting on the previous user's pic - an in-reference for anyone who knows the source of his image!)

I never thought of allowing by IP address. That's far less messy then passwords.
Thanks.

an in-reference for anyone who knows the source of his image!

I don't think there's one bloke out there who doesn't like that film. :D Absolute classic. :D