astralexis
03-26-2001, 06:53 PM
I have no SSL cert. and want to make a password protected zone in my site.
Is there a difference security-wise if I use an HTML form (method POST) to submit the username/password or if I use a .htaccess?
Website Rob
03-27-2001, 04:20 AM
Using .htaccess (Apache Authentication) is definitely in the top 2, when it comes to security access. No reason why you can't use it and I have an excellent .htaccess program & tutorial (http://potentproducts.com/resources/free/scripts/perl.html) that makes it easy for beginners to get started.
tmack
04-24-2001, 10:58 AM
Hey, check out Advanced Internet Technologies' instructions on how to set your password protected directory using .htaccess.
http://aitcom.net/support/library/How_do_I_password_protect_directories_on_my_virtual_server.html
I have no SSL cert. and want to make a password protected zone in my site
SSL certs have nothing to do with .htaccess. SSL certs simply allow you to use https protocols which encrypt your data. You can create your own SSL cert if you are using the password protected areas just for internal use. If you create your own cert, IE will give you a security warning.
For more info on certs, do a search ... there is a good thread on the forums.
.htaccess provides for good security. There are exploits but they are quickly fixed. Also, .htaccess is sufficient to defeat most script kiddies.
Also, make sure that nobody except the web server and owner can read the .htpasswd file. Otherwise, people can get the passwords and use a cracker.
http://www.apacheweek.com/features/userauth
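The permission check advised in the last post, written out as an added example that is not part of the thread. The function name `audit_htpasswd` and its finding labels are made up here, and the document-root check is an assumption taken from Apache's documented advice to keep the AuthUserFile outside the document tree, not from anything stated in the posts.

```shell
#!/bin/sh
# Added example: audit an Apache password file (.htpasswd).
# audit_htpasswd and the finding labels are hypothetical names.

# audit_htpasswd FILE DOCROOT
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_htpasswd() {
    file=$1
    docroot=$2
    rc=0

    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi

    # World-readable: any local account can copy the hashes and
    # run a password cracker against them offline.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "WORLD-READABLE: $file"
        rc=1
    fi

    # Writable by group or others: someone else could add or replace a user.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE-BY-OTHERS: $file"
        rc=1
    fi

    # Stored under the document root: one misconfiguration away from
    # being served to browsers. Compare resolved directory paths.
    abs_dir=$(cd "$(dirname "$file")" && pwd -P)
    abs_root=$(cd "$docroot" && pwd -P)
    case "$abs_dir/" in
        "$abs_root"/*) echo "UNDER-DOCROOT: $file"; rc=1 ;;
    esac

    return $rc
}

# Stand-alone use: sh audit.sh /path/to/.htpasswd /path/to/docroot
if [ $# -eq 2 ]; then
    audit_htpasswd "$1" "$2"
fi
```

A mode such as 640, with the file owned by the site owner and group-readable by the web server's group, passes all three checks.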