I've implemented a PHP auto_prepend_file in Apache's httpd.conf file to password protect every page on the server. Let's assume the the prepended file is properly coded and secured. Are there any serious security risks to using an auto_prepend_file method? I'm worried this opens up some sort of cross scripting attack or access can spoofed. Thanks for the help :)
In httpd.conf:
php_value auto_prepend_file "path/to/application/auth/include/secure.inc"