Here's how the blog works: I type to a JavaScript form on a password protected HTML file. The HTML file transfers the JavaScript form to a password protected PHP file. The PHP file transfers the data to text file 2. The PHP copies the old data (previous posts) from text file 1. The PHP imports the copied data to text file 2, under the new post. The PHP copies the new contents of text file 2 to text file 1, keeping it up-to-date. Another PHP file renders each line of text file 2 as a post, detecting the title, date and message. That PHP file then displays the contents of text file 2. An HTML file displays the PHP file in a frame. 6 files total (including an unabridged version of the blog). End result: http://www.monochromedia.com/weblog.html
I moved the blog text files into a folder protected by .htaccess from remote requests. So here's the deal: The files that write to the blog are in a password protected directory. The files that store the blog (flat files) are in a directory guarded from remote requests - only www.monochromedia.com can do anything with/to them. The files that display the blog aren't protected, however their CHMOD settings protect them from alteration. Now I'm pretty sure the blog is secure. Anyone disagree?