I'm using a .htpasswd management program and it stores the .htpasswd and .htgroup files in a directory located in my root directory. Webprotect that comes with CPanel, stores password information outside the root directory which is more secure, so I've moved these two files into that directory /.htpasswds/main and I have changed the permissions on the "main" directory to 777 and 666 for both the .htpasswd and .htgroup files.
From a security perspective:
1) Are these the correct CDMOD settings that I should be using?
2) Is it wise to be using a PHP program to access and write to those files outside of the root directory?
Thanks for your time,