I am afraid it is I who do not understand - for which, serious apologies. And thanks for the detail on HTTPS.
So let me try to come up to speed here, if from a low base to start, again apologies.
Since SecurityAssist does not use HTTPS, what is the mechanism? I know about htaccess files (if not very much …); but as I understand them, they reside in a folder and restrict a whole folder. Apparently SecurityAssist restriction is by file, not folder. So, may I learn what is the basic mechanism?
Does this mean that every time a new file is added, which requires restriction (with some users allowed and others not) the developer (me) has to go in and make a new page setting. So, in this case, at least every week, if not more often?
Is there a tutorial, or guidance, on this? I will eagerly devour. (I have been through the online help documentation for SecurityAssist in a good bit of detail previously.)
I put HTTPS capability on the site. The above would seem to suggest that could be in error. So, could / should I remove that? Our logon ID's and passwords are managed otherwise, though of course protection of the passwords during login is a consideration. Our principal security needs are 1) to protect the intellectual property, thus restrict access to that part of the site only to subscribers (with detail among classes of subs); and 2) to keep from meddling the machinery for the db (insert pages and the like, created with DataAssist). Then leave open for the casual visitor the rest of the site.
Much thanks, David