I have a client that I do websites for. (duh) Now he'd like a personal, heavily password protected site that his business associates can't get into. I'm looking at a PHP/Cookie based solution - where you'll get bounced back to the UN/Password form if you don't have a cookie granting you access - and I've looked at .htaccess on Apache. I'm also going to make sure the site can't get indexed by robots. Am I missing anything? There's going to be some sensative content there that should not fall into the wrong hands... and I want to make sure that I cover all my bases. Also, any way that I can best cover myself in case something goes terribly wrong?