like mike has stated, you cant do much with out the database.
to further explain this, lets break security assist down to the user experience.
a new user comes to the site and wants to register to gain access. they go to the registration page where they enter their personal information including email address and password. when the registration page submits, the information is stored in the users table of the database
a registered user will go to the login page. they enter their email address and password, when the login page submits, it will look in the users table of the database to see if the email address / password combination that was entered exists (checking to see if they have registered) if it does, the userID from the primary key column is stored in a session variable.
this userID session variable is used on any of the other protected pages to determine if the user should be allowed access or not.
without a database in place, there is no way for a user to register.
if the user cant register, they cant login.
if they cant login, there's no way to know if they should be allowed access to your pages.