From b1492802ca78d111bd0f70ca8f6a0f4f2c7318f4 Mon Sep 17 00:00:00 2001
From: Kyle Drake <kyle@kyledrake.net>
Date: Mon, 11 Jul 2016 16:27:42 -0700
Subject: [PATCH] add comment on htaccess http authentication

---
 views/contact.erb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/views/contact.erb b/views/contact.erb
index 64172011..380c98cd 100644
--- a/views/contact.erb
+++ b/views/contact.erb
@@ -181,6 +181,10 @@
           <p>
             The .htaccess file is an Apache specific thing, and we don't use Apache for our backend. In addition, we generally don't add features to Neocities that make the functionality of sites depend on custom backend functionality (the sole exception being that we make sure "page not found" goes to "not_found.html" so you can create a custom 404.)
           </p>
+
+          <p>
+            Finally, we sometimes see people trying to use .htaccess for authentication (with usernames and passwords). Neocities is only for sites and information you want to make public, and it is dangerous to use it for private sites! We make backups of your site and attackers can easily find any information you're trying to hide using our archivers. Our goal is to make sure your sites stay up for a long time and persist, not to enforce secrecy zones on your site. If you want to make a controlled access site, Neocities is not for you.
+          </p>
         </div>
       </div>
     </div>